Re: [clamav-users] Can I deploy the virus database to our intranet?
On Wed, Aug 6, 2014 at 1:09 PM, Matus UHLAR - fantomas wrote:
> On 06.08.14 10:42, Tian Zhiying wrote:
>>
>> Our intranet has limited, so, we can't update virus database everyday, can
>> I deploy the virus database to our intranet?
>
>
> http://www.clamav.net/doc/latest/clamav-mirror-howto.pdf

For the OP's purpose it'd probably be MUCH easier to:
- set up a proxy server (e.g. squid)
- set up freshclam to use that proxy (HTTPProxyServer on freshclam.conf)
- (optional) set DatabaseMirror to use a specific mirror (selected manually from http://www.clamav.net/mirrors.html) so that the proxy cache would be more effective (e.g. it would not get invalidated if you end up redirected to another mirror with different file modification time)

-- Fajar
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
Re: [Clamav-users] freshclam - how to hard-code to specific IP?
On Wed, Sep 2, 2009 at 1:18 PM, Tomasz Kojm wrote:
> On Wed Sep 02 2009 00:55:09 GMT+0200 (CEST)
> W S wrote:
>> Folks,
>>
>> Is there anyway to Hard-Code IP address for updating ClamAV db?
>> I see this keep changing:
>>
>> % host database.clamav.net
>
> That's on purpose. First of all, if some mirror fails, freshclam will
> temporarily blacklist it and try the other ones. Secondly, the round
> robin record helps to distribute the load from the clients among
> available mirrors. You should never be sticking to a single IP.

Unless you maintain your own clamav mirror, which is closer to you than any other mirrors, and you trust to have close to 100% uptime :D

Here's a snippet from freshclam.conf on my clamav installation (from RPM package)

#=
# database.clamav.net is a round-robin record which points to our most
# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
# not working. DO NOT TOUCH the following line unless you know what you
# are doing.
DatabaseMirror db.id.clamav.net
DatabaseMirror db.local.clamav.net
#=

So you can use DatabaseMirror directive.

-- Fajar
Re: [Clamav-users] Thoughts on software QA Testing (or lack thereof...)
2009/11/6 Török Edwin:
> One of the build problems was an error when 'git' was not installed.
> Unfortunately all of the machines we test ClamAV on have git in $PATH
> (it is how it checks out the latest version).

I usually do software compilation/packaging on specially-prepared chroot environment, which I can tune according to that software's special needs. For most packages it's simply a new directory created with "yum --installroot=... install ..."

Fedora has Mock, which does the similar thing.

> For the next release we'll setup a buildhost that doesn't have git
> installed.
> The other problem (missing include unistd.h) only occurs on old
> distributions, which we lack in our buildfarm.
>
> We're currently investigating the possibility of using the OpenSUSE
> build service to test the next ClamAV release on multiple Linux
> distributions, including many old ones:
> openSUSE 11.x, SLES/SLED 9/10/11, Fedora 10/11, RHEL 4/5, CentOS 5,
> Mandriva 2009, xUbuntu 6.06/8.04/8.10/9.04

My build host is actually just a Xen domU running RHEL4 64bit, with chroot environments for RHEL4 and 5 32 and 64bit (which is what we use). It saves the number of host and resources needed for testing.

For (open)Solaris, you could probably make use of branded zones which can give you a Linux 2.4 (e.g. Centos3), Solaris 8, Solaris 9, and Solaris 10/Opensolaris build environment.

-- Fajar
Re: [Clamav-users] ClamD Scan is not working on ubuntu9.04
On Mon, Mar 8, 2010 at 12:09 PM, Chuck Swiger wrote:
> On Mar 7, 2010, at 8:52 PM, aman_none wrote:
>> Our scenario is like this we have to install clamav for surgemail which will
>> be installed on Ubuntu OS. We need to integrate with surgemail and hence we
>> want to use clamdscan only.
>
> That decision means you need to give clamd's user to scan whatever it is you
> want it to scan.
>
> "chmod a+rX /var" might be a starting point,

sometimes it's easier to simply put clamd's user on surgemail's group, or change clamd's user to be the same as surgemail, or even run clamd as root. Either option has its own security implications though.

> but you ought to understand basic Unix filesystem security and the
> consequences of what this might be changing first;

definitely.

-- Fajar
Re: [clamav-users] usb stick on demand scanning
2011/2/21 Török Edwin:
> On 2011-02-19 19:59, Barry Cisna wrote:
>> Hello All,
>>
>> Been using Clamav and Clamwin in our school environment for many years
>> now. We run into from time to time viruses that get hanged onto our lan
>> from kids dragging in stuff that shouldn't be there, on their usb sticks.
>> I am sure this has been asked before but I could not honestly find any
>> close to realistic solutions.
>> Is there any way possible of an 'on demand' scanner that would lock the
>> usb stick as soon as it is inserted into a workstation until it was
>> scanned and then become available to the end user once it was scanned?
>
> You can try "Immunet 3.0 powered by ClamAV":
> http://www.clamav.net/lang/en/about/win32/

Does it use clamav engine by default? The documentation is a bit vague on that, and the impression I get is that it only uses clamav engine when specifically set to do so (it's off by default), and even then only for on-demand scanning.

-- Fajar
Re: [clamav-users] Immunet 3.0 powered by ClamAV
On Wed, Feb 23, 2011 at 3:06 AM, Bowie Bailey wrote:
> On 2/22/2011 1:01 PM, Török Edwin wrote:
>> On 2011-02-22 19:50, Bowie Bailey wrote:
>>
>>> Will it upgrade ClamAV for Windows 2.0, or do I need to uninstall that
>>> version first?
>>>
>> I think that the upgrade should work, if you launch the installer for
>> 3.0 manually (which you can find on the about/win32 page above).
>> I think that 2.0 might be upgraded to 3.0 using the in-product updater,
>> but that hasn't been triggered yet AFAIK.
>
> No, the in-product update has not been triggered. I checked that earlier.
>
> I'll try the manual update if I get around to it before it offers to
> update itself. :)
>

After you install it, please check if you also get the annoying empty small windows on your top-left desktop every time you login (just checking, in case I'm the only one experiencing the problem).

-- Fajar
Re: [clamav-users] Supressing false positives
On Tue, Nov 22, 2011 at 5:29 AM, Shobana Narayanaswamy wrote:
> Hi:
>
> When I run ClamAV on a freebsd appliance, I get a bunch of false positives -
> that are primarily due to windows definitions that are not related to this
> OS.
> Is there a way to suppress these or basically ignore these on the next run?

Most people run clamav on *nix boxes providing services (e.g. mail, file server, proxy, etc) for clients (including windows). That's why it makes sense to include definition for windows-virus.

If you only want to run clamav JUST to protect your freebsd installation, then I'd say don't bother. Simply uninstall it. IMHO there's not THAT many *nix virus in the wild to warrant the use of a *nix-only antivirus.

-- Fajar
Re: [clamav-users] Finding false positives
On Mon, Dec 12, 2011 at 12:24 PM, Alex wrote:
> Hi,
>
> I have an email that was blocked by amavisd because clamav tagged it
> because it was received from securesites.net. I checked a few
> blacklists, and don't see that it was listed, so I was trying to
> figure out what the issue was with this domain.
>
> Another domain it was sent through, northstate.net, is currently
> blacklisted, but that wasn't tagged.
>
> I've pasted the email here:
>
> http://pastebin.com/raw.php?i=bWVn19ff
>
> Can someone help me understand why the issue with securesites.net is,
> and why this email was blocked because of it?

Looking at the line

INetMsg.SpamDomain-2w.securesites_net.UNOFFICIAL

Are you using third-party signature? If yes, you should ask its maintainer.

-- Fajar
Re: [clamav-users] False positive suspicion - Fax Server Plus
On Tue, May 8, 2012 at 4:18 PM, Al Varnell wrote:
> On 5/8/12 1:42 AM, "Nicole Brown" wrote:
>
>> We got some reports from our customers said our website reported as Malware
>> Site by Bitdefender.
>> Here is the download links of all our products:
>> http://faxserverplus.com/download/FSPQuick.EXE
>> http://faxserverplus.com/download/faxserverplusevl.exe
>>
> Why would you be asking clamav-users to check out something BitDefender
> finds? Shouldn't you be contacting them?

To be fair, one of the files WAS recognized as malware by clamav:
https://www.virustotal.com/file/bf5a62810d8ff28129d84c982e80e4a062d33fd1e082483dfc1f56033491f79d/analysis/1336239300/

So it probably qualifies as FP report. However, since PUA submissions are automatically rejected, I'm not sure what the best way to proceed is.

The "our website reported as Malware" part should probably be ignored as it's not relevant to this list.

-- Fajar
Re: [clamav-users] freshclam failed this morning
On Mon, Aug 19, 2013 at 10:17 PM, Gene Heskett wrote:
> On Monday 19 August 2013 10:47:27 Gene Heskett did opine:
>
> > On Sunday 18 August 2013 20:09:46 Benny Pedersen did opine:
> > > Gene Heskett skrev den 2013-08-18 22:31:
> > > > In what context, Benny?
> > >
> > > dont know really, but i think its possible
> > > https://help.ubuntu.com/community/PinningHowto
> >
> > That is a pretty complex read. Printed for study. Thanks.
> >
> Studied, saw the backports possibility but when I checked, my sources.list
> had already been modified for that.
>
> So I downloaded the 97.8 tarball and tried to get it to run with
> prefix=$HOME, building it as gene.

What version do you have installed? Ubuntu should have 0.97.8 in official repo already, no need to compile yourself:
http://packages.ubuntu.com/search?suite=lucid-updates&keywords=clamav

-- Fajar
Re: [Clamav-users] Does clamav have any certificate?
Gregory Carter wrote:
> I would ban this user from this list as it is a Ad in disguise.
>
> He just cross posted this same question to the iptables list.
>

Why would that be an Ad? Are you 100% sure (or at least sure enough to decide to ban a user) that he wasn't just someone who's trying to put an open-source-based security solution (linux, iptables, clamav, and perhaps snort) and trying to list the pros-and-cons for each alternative before making a decision?

Regards,

Fajar
Re: [Clamav-users] What's broken?
Don Drake wrote:
> I'm seeing the same thing. Even my ClamWin puked.
>
> -Don
>
> On 4/10/07, Dennis Peterson <[EMAIL PROTECTED]> wrote:
>
>> Has the ClamAV backbone died?
>>
>>

It might be related with main.cvd update today. My apache says

"205 requests currently being processed, 10 idle workers"

I guess clamav's popularity (at least on some parts of the world) has exceeded its mirror capacity.

Regards,

Fajar
Re: [Clamav-users] What's broken?
Dennis Peterson wrote:
> Fajar A. Nugraha wrote:
>
>>> On 4/10/07, Dennis Peterson <[EMAIL PROTECTED]> wrote:
>>>
>>>
>>>> Has the ClamAV backbone died?
>>>>
>>>>
>>>>
>> It might be related with main.cvd update today.
>>
> Are you running a ClamAV mirror, Fajar?
>
>

Yes. But if (just in case) you're thinking about changing freshclam.conf to use anything other than database.clamav.net, I suggest that you don't. Unless you're running a mirror (either public, or private by mirroring *.cvd manually), in which case changing DatabaseMirror to your local mirror is highly recommended.

Regards,

Fajar
Re: [Clamav-users] What's broken?
John W. Baxter wrote:
> This is made more complex for us by the fact that freshclam builds new
> directories and files with permissions which don't work for us.

Does this still happen on development version? Changelog says that it's fixed

Thu Mar 1 17:42:07 CET 2007 (tk)
---------------------------------
  * shared/misc: dircopy: use 0755 permissions for new directories (fixes
    possible permission problems with backup directories in freshclam)

If you use linux, you can try my static binary on http://clamav.or.id/snapshot/. Perhaps using development version of freshclam will solve your problem.

Regards,

Fajar
Re: [Clamav-users] unreponsive under solaris - 0.90.2
Tom Bombadil wrote:
>> I'm also only handling about 1 million messages/week with three systems,
>> so that may also be a factor if your volume is higher.
>>
>>
>
> Thx Dennis...
>
> Yeah... we get more than a million per day... and we get pounded by mail
> in the morning. That's when clamav becomes unresponsive. After 4pm, when
> the mail load is considerably lower, I haven't seen this problem yet.
>
>

What version of clamav are you using? If it's 0.9x, and the problem only occurs on heavy load, you might want to look at
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=434

It should reduce your system load significantly.

Regards,

Fajar
Re: [Clamav-users] ClamAV 0.91rc1 config. change
Luca Gibelli wrote:
> Dear ClamAV users,
>
> Starting from 0.91rc1, the default value for LocalSocket in clamd.conf
> has been changed from /tmp/clamd to /tmp/clamd.socket to avoid confusion.
>
> You must update the configuration of all programs that connect to clamd
> through unix socket to point to the new path!
>
> Please note that ClamAV 0.90.3 still uses the old default value
> (/tmp/clamd) so no changes are required for people upgrading to ClamAV
> 0.90.3 .
>
>

Hi Luca,

Correct me if I'm wrong, but from the Changelog of 0.90.3 and 0.91rc1 I can find any entry mentioning
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=434

Does this mean that performance-improvement patch is rejected, or perhaps it is no longer needed in 0.91 series?

Regards,

Fajar
[Clamav-users] Duplicate signatures?
Hi,

I'm using clamav 0.90.2 on Linux. Today I found this entry on my clamd.log :

Mon Jun 4 13:06:46 2007 -> Reading databases from /var/clamav
Mon Jun 4 13:07:40 2007 -> Loaded 237246 signatures.

Odd. Last I checked manually it was 100-thousand-something. Tracing back clamd.log, the oldest entry I found was

Sat May 12 23:22:01 2007 -> Database correctly reloaded (220331 signatures)

Older entries were already deleted by logrotate, so whatever did this seems to happen a long time ago. All freshclam log entries correctly show 100-thousand-something signatures. Then I did this :

#cp -a /var/clamav /var/clamav.bad && cd /var/clamav && rm -rf clamav-* *.inc *.cvd && freshclam
ClamAV update process started at Mon Jun 4 13:27:32 2007
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.90.2 Recommended version: 0.90.3
DON'T PANIC! Read http://www.clamav.net/support/faq
Downloading main.cvd [100%]
main.cvd updated (version: 43, sigs: 104500, f-level: 14, builder: sven)
Downloading daily.cvd [100%]
daily.cvd updated (version: 3347, sigs: 17212, f-level: 15, builder: ccordes)
Database updated (121712 signatures) from db.id.clamav.net (IP: 222.124.18.201)
Clamd successfully notified about the update.

And it correctly shows 121712 signatures. Now the question is, where does the extra 10 signature comes from?

The old database directory has these files :

# ls -sR1 /var/clamav.bad
/var/clamav.bad:
total 9861
   4 clamav-85777188b0b2cee4
   0 clamav-8cba3026bfa183c2c3cecb71caa7a115
   0 clamav-fc26f6a3e34e276c9795d6e6baed8892
   0 daily.inc
9145 main.cvd
   0 main.inc
   4 mirrors.dat
 485 MSRBL-Images.hdb
 224 MSRBL-SPAM.ndb

/var/clamav.bad/clamav-8cba3026bfa183c2c3cecb71caa7a115:
total 2702
  20 COPYING
   4 daily.cfg
  24 daily.db
   4 daily.fp
  16 daily.hdb
   4 daily.info
 913 daily.mdb
1706 daily.ndb
   4 daily.pdb
   4 daily.wdb
   4 daily.zmd

/var/clamav.bad/clamav-fc26f6a3e34e276c9795d6e6baed8892:
total 340
  20 COPYING
   4 daily.cfg
  24 daily.db
   4 daily.fp
   4 daily.hdb
   4 daily.info
 128 daily.mdb
 140 daily.ndb
   4 daily.pdb
   4 daily.wdb
   4 daily.zmd

/var/clamav.bad/daily.inc:
total 1385
  20 COPYING
   4 daily.cfg
  24 daily.db
   4 daily.fp
   4 daily.hdb
   4 daily.info
 817 daily.mdb
 497 daily.ndb
   4 daily.pdb
   4 daily.wdb
   4 daily.zmd

/var/clamav.bad/main.inc:
total 19358
   20 COPYING
 4633 main.db
    4 main.fp
  625 main.hdb
    4 main.info
  797 main.mdb
13273 main.ndb
    4 main.zmd

Signature updates are done by freshclam. Just wondering, is this a known problem, and will upgrade to 0.90.3 fix this?

Regards,

Fajar
Re: [Clamav-users] ClamAV timing out
Rob Sterenborg wrote:
> Yes I'm aware of that. But.. clamdscan was as "slow" as clamscan as
> clamavmodule.

I would suggest that you either use clamdscan or clamavmodule. The time required for clamscan to load virus signatures (100 thousand or so) is enough (20-something seconds on my system) to justify the choice.

> Since I *had* to make this work again, I installed both clamav and
> spamassassin from source instead of using apt-get and this time it
> worked (using clamdscan).
>
>

Good to hear :)

> I don't understand why it wasn't working when I *completely* (personally
> checked) remove the package (using apt-get and dpkg) and reinstall it,
> but I'm not going to complain: this was my excuse to install the latest
> version from source.
>
>

It would probably be helpful if you also check which part of your system is heavily-loaded at that time. e.g. Does clamd consume 100% CPU usage, or disk I/O is very heavy, etc.

Regards,

Fajar
[Clamav-users] freshclam mirror selection problem
Hi,

I'm using clamav-0.91rc1 on Solaris10/sparc. I encountered a problem during database update (running freshclam manually) today

# freshclam
ClamAV update process started at Tue Jun 5 10:01:21 2007
main.inc is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven)
ERROR: getfile: daily-2570.cdiff not found on remote server (IP: 202.158.56.242)
ERROR: getpatch: Can't download daily-2570.cdiff from database.clamav.net
ERROR: getfile: daily-2570.cdiff not found on remote server (IP: 202.158.56.242)
ERROR: getpatch: Can't download daily-2570.cdiff from database.clamav.net
ERROR: getfile: daily-2570.cdiff not found on remote server (IP: 202.158.56.242)
ERROR: getpatch: Can't download daily-2570.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
WARNING: Mirror 202.158.56.242 is not synchronized.
Trying again in 5 secs...
ClamAV update process started at Tue Jun 5 10:01:26 2007
main.inc is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven)
ERROR: getfile: daily-2570.cdiff not found on remote server (IP: 202.158.56.242)
ERROR: getpatch: Can't download daily-2570.cdiff from database.clamav.net
ERROR: getfile: daily-2570.cdiff not found on remote server (IP: 202.158.56.242)
ERROR: getpatch: Can't download daily-2570.cdiff from database.clamav.net
ERROR: getfile: daily-2570.cdiff not found on remote server (IP: 202.158.56.242)
ERROR: getpatch: Can't download daily-2570.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
WARNING: Mirror 202.158.56.242 is not synchronized.
Trying again in 5 secs...
ClamAV update process started at Tue Jun 5 10:01:32 2007
main.inc is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven)
ERROR: getfile: daily-2570.cdiff not found on remote server (IP: 202.158.56.242)
ERROR: getpatch: Can't download daily-2570.cdiff from database.clamav.net
ERROR: getfile: daily-2570.cdiff not found on remote server (IP: 202.158.56.242)
ERROR: getpatch: Can't download daily-2570.cdiff from database.clamav.net
ERROR: getfile: daily-2570.cdiff not found on remote server (IP: 202.158.56.242)
ERROR: getpatch: Can't download daily-2570.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
WARNING: Mirror 202.158.56.242 is not synchronized.
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons.

Freshclam.conf is set to use database.clamav.net (the default), which in ID points to two hosts :

# host database.clamav.net
database.clamav.net is an alias for db.local.clamav.net.
db.local.clamav.net is an alias for db.id.clamav.net.
db.id.clamav.net has address 222.124.18.201
db.id.clamav.net has address 202.158.56.242

Now the question is, why did freshclam insist on using 202.158.56.242, even after "WARNING: Mirror 202.158.56.242 is not synchronized. Trying again in 5 secs..." and finally says "Giving up on database.clamav.net". Why didn't it try the other host first?

Regards,

Fajar
Re: [Clamav-users] Duplicate signatures?
Török Edvin wrote:
> On 6/4/07, Fajar A. Nugraha <[EMAIL PROTECTED]> wrote:
>
>> # ls -sR1 /var/clamav.bad
>> 9145 main.cvd
>>    0 main.inc
>>
>
> You have both a main.inc, and a main.cvd. Thus those signatures are
> loaded twice.
>

Hi Edwin, thanks for your response.

I use home-made rpm package based on Dag's .spec. It seems that the clamav-db RPM upgrade recreated *.cvd unconditionally, so in the case of it already converted to main.inc, you ended up with duplicate signatures. I guess it's time to hack the .spec again.

Regards,

Fajar
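
The condition identified in this thread (a packed `NAME.cvd` sitting next to an unpacked `NAME.inc` directory, so the same signatures are loaded twice) can be checked for after a package upgrade. This is an added example, not code from the posts or from the ClamAV project; the function name `find_duplicate_dbs` is hypothetical and the demo directory is constructed.

```shell
#!/bin/sh
# Added example: report ClamAV databases that exist both as a packed
# .cvd file and as an unpacked .inc directory in the same database dir.
# The thread above traced a doubled signature count to exactly this state.

# find_duplicate_dbs DIR
# Prints one database name per line (for example "main") for every
# NAME.cvd that has a sibling NAME.inc directory. Prints nothing when
# the directory is consistent. Returns 2 if DIR is not a directory.
find_duplicate_dbs() {
    dbdir=$1
    if [ ! -d "$dbdir" ]; then
        echo "not a directory: $dbdir" >&2
        return 2
    fi
    for cvd in "$dbdir"/*.cvd; do
        [ -f "$cvd" ] || continue          # glob matched nothing
        name=$(basename "$cvd" .cvd)
        if [ -d "$dbdir/$name.inc" ]; then
            echo "$name"
        fi
    done
    return 0
}

# Constructed demo directory with the same shape as the listing in the
# original post: main.cvd and main.inc side by side, daily only as .inc.
demo=$(mktemp -d)
: > "$demo/main.cvd"
mkdir "$demo/main.inc" "$demo/daily.inc"
dups=$(find_duplicate_dbs "$demo")
if [ -n "$dups" ]; then
    echo "loaded twice: $dups"
fi
rm -rf "$demo"
```

Run it against the live database directory (here `/var/clamav`) from the package's post-install step or from monitoring; any output means one copy has to go before clamd reloads.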
Re: [Clamav-users] Duplicate signatures?
Dennis Peterson wrote:
> How does one get a main.inc directory? I thought it was having
> ScriptedUpdates yes in the conf file and experimental code enabled at
> build time but that doesn't do it.
>
>

I believe ScriptedUpdates is enabled by default on non-experimental build as well, unless you disable it in clamd.conf.

Regards,

Fajar
Re: [Clamav-users] Please help me
Hi Ejaz,

Mohammed Ejaz wrote:
> Any one please me in this
>
>
> I went into the 09.90.2 directory and did the following:
>
> /configure
> make
> make install
>
> When ever i did the "make install" i got an following error
>
> "error while loading shared libraries: libclamav.so.1:
> cannot open shared object file: No such file or directory"
>

I'm not sure how "make install" can complain about missing libclamav.so.1 since it's not supposed to be installed yet in the first place. However, if you just want to use clamav on solaris on the default install location (/usr/local), you can try my prebuilt binaries on http://clamav.or.id/

I'd suggest you try 0.90.3 (faster scan time compared to 0.90.1 or 2) or 0.91rc1 (even faster startup compared to 0.90.x). Note that some config file syntax has changed from 0.88.x to 0.9x series, so be sure to edit clamd.conf and freshclam.conf as needed.

Regards,

Fajar
Re: [Clamav-users] clamav 0.91rc1 and database
Tomasz Kojm wrote:
> On Fri, 8 Jun 2007 15:08:54 -0700
> "Ronald Cole" <[EMAIL PROTECTED]> wrote:
>
>
>> I noticed that the database/makefile has installing the main.cvd and
>> daily.cvd commented out. But freshclam still downloads those two files on
>> upon it's first run! So, I just uncommented those lines and everything
>> seems ok, and I integrated that patch into my RPM specfile for the time
>> being. Since this is the first rc that i'm trying out (due to the insane
>> length of time it takes clamav-milter to start on a 3.0G P4), is this a
>> common thing to encounter?
>>
>
> No, that's a minor bug in this particular RC.
>
>

Tomasz, are you sure this is a bug? If "installing the main.cvd and daily.cvd commented out" is a bug, then all upgrades (including ones on systems with daily.inc and main.inc) will also have *.cvd installed, which means the virus database will be loaded twice.

Regards,

Fajar
Re: [Clamav-users] Fw: Please help me
Mohammed Ejaz wrote:
> - Original Message -
> From: "Mohammed Ejaz" <[EMAIL PROTECTED]>
> To: "Jose Alf." <[EMAIL PROTECTED]>
> Sent: Saturday, June 09, 2007 6:16 AM
> Subject: Re: [Clamav-users] Please help me
>
>
>
>> Jose,
>>
>> Today morning i have tried to upgrade my clamav as I mentioned in my
>> previous Email, still the results are same, and i have noticed that there
>> is no "libiconv.so.2:" in my /usr/local/lib how can i get this file by
>> installing higher version of gcc or libgcc ???
>>
>>

Try sunfreeware.com, especially http://sunfreeware.com/programlistsparc8.html#libiconv

Regards,

Fajar
Re: [Clamav-users] help,some faq about install ClamAV
Cheng Guangyao wrote:
> clamav-0.91rc1.sol10-x86.tar.gz(http://clamav.or.id/stable/clamav-0.91rc1.sol10-x86.tar.gz)
>
> is it the right one?
>

If by "right" you mean it is a prebuilt clamav binary that runs on solaris 10 (and newer, which probably includes opensolaris) x86, yes.

If by "right" you're expecting a solaris pkg that can be installed with pkgadd, then no. It's a simple tar.gz that (when extracted) will install clamav under /usr/local.

Feel free to use it and report any bugs via private mail.

Regards,

Fajar
Re: [Clamav-users] Clamassasin & clam - very slow
[EMAIL PROTECTED] wrote:
> Hello,
>
> i am using clamav & clamassassin - clamscan is very slow and clamscan uses
> many ressources.
>
> What can i do?
>
>

Try replacing clamscan with clamdscan

For 0.90.x series, this should save you a lot of time required (about twenty seconds on my system) for each file scanned.

Regards,

Fajar
Re: [Clamav-users] Clamassasin & clam - very slow
[EMAIL PROTECTED] wrote:
>>> i am using clamav & clamassassin - clamscan is very slow and clamscan
>>> uses
>>> many ressources.
>>>
>>> What can i do?
>>>
>>>
>>>
>> Try replacing clamscan with clamdscan
>>
>
> does clamdscan uses the same configuration as clamscan, so i can easy the
> clamassassin-config?
>
>

No. Clamscan options are passed on command line. Clamdscan, on the other hand, simply uses clamd, whose configuration is on /usr/local/etc/clamd.conf (or wherever your packager puts it). The default values should enable mail and archive scanning, which means it should be usable as-is for your purpose. You probably want to check "User" setting though.

There are some command line options for clamdscan, but (for example) --no-mail is not one of them.

Regards,

Fajar
Re: [Clamav-users] help,some faq about install ClamAV
Cheng Guangyao wrote:
> ld.so.1:clamd:fatal:libgmp.so.3:open failed:No such file or directory killed
> i implement /usr/local/bin/clamdscan,clamconf...also happened the same
> thing.
> which file didn't exist?
>
>

perhaps libgmp.so.3? :)

Try "pkg-get -i libgmp"
See http://www.blastwave.org/howto.html on how to install pkg-get

If you already have libgmp.so.3 somewhere, but ld can't seem to find it, try one of the following :
- create a link from that file to /usr/local/lib
  for example, ln -s /opt/csw/lib/libgmp.so.3 /usr/local/lib/
- use crle to modify your system's library search path
- use LD_LIBRARY_PATH system variable (not recommended)

My binary should automatically use libraries on /opt/csw/lib when available

As for configuration, copying clamd.conf.sol10 to clamd.conf and freshclam.conf.sol10 to freshclam.conf on /usr/local/etc SHOULD be enough for most cases. If you want to tweak more settings, see clamd.conf.example and freshclam.conf.example

Regards,

Fajar
Re: [Clamav-users] Clamassasin & clam - very slow
Cheng Guangyao wrote:
> Fajar A. Nugraha, hello!
>
> in clamav-0.91rc1.sol10-x86.tar.gz,these have
> clamd.conf.so10,clamd.conf.example
> which one i should use?
>
>

See http://clamav.or.id/install/linux-unix.txt

Short answer : copy *.conf.sol10 to *.conf

Regards,

Fajar
Re: [Clamav-users] Checking Definition Files Prior to Installing Them
Gerard Seibert wrote:
> What is the syntax to use to check a file to insure it is not broken
> before installing it? I have tried a few combinations, but nothing
> seems to be producing the results I am looking for.
>
>

Try

clamscan -d /path/to/your/db/dir /some/clean/text/file.txt

It should return zero exit code when your signature file is not broken.

/path/to/your/db/dir should be a directory which contains the signature files you want to check
/some/clean/text/file.txt is just a plain text file with no virus. An empty file should work as well.

Regards,

Fajar
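
The test-load described in this reply can gate installation of new definition files, so a broken third-party database never reaches the directory clamd reads from. This is an added example, not code from the post or from ClamAV; the function names, the staging and live directory arguments, and the `CLAMSCAN` override variable are hypothetical, while `-d` and `--no-summary` are existing clamscan options.

```shell
#!/bin/sh
# Added example: test-load a staged signature directory with clamscan
# and only copy it into the live database directory when it loads.
# CLAMSCAN is a hypothetical override so the scanner path can be changed.
CLAMSCAN=${CLAMSCAN:-clamscan}

# check_db_dir STAGED
# Runs "clamscan -d STAGED" on an empty, known-clean file.
# clamscan exits 0 when the databases load and nothing is found,
# 1 when something is detected and 2 on errors such as a malformed
# database, so any non-zero status means "do not install".
check_db_dir() {
    staged=$1
    [ -d "$staged" ] || return 2
    probe=$(mktemp) || return 2
    rc=0
    "$CLAMSCAN" -d "$staged" --no-summary "$probe" >/dev/null 2>&1 || rc=$?
    rm -f "$probe"
    return "$rc"
}

# install_db_if_valid STAGED LIVE
# Copies the staged files into LIVE only after check_db_dir succeeds.
install_db_if_valid() {
    staged=$1
    live=$2
    if check_db_dir "$staged"; then
        cp -pR "$staged"/. "$live"/
    else
        echo "refusing to install databases from $staged: test load failed" >&2
        return 1
    fi
}

# Usage (paths are placeholders):
#   install_db_if_valid /path/to/staging /path/to/live/db/dir
```

A detection on the empty probe file (exit code 1) is also treated as a failure, since a signature that matches an empty file would flag everything.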
Re: [Clamav-users] clamscan extremly slow
Chris wrote:
> On Monday 18 June 2007 5:04 pm, Christopher X. Candreva wrote:
>
>> On Mon, 18 Jun 2007, Chris wrote:
>>
>>> [EMAIL PROTECTED] ~]$ clamdscan phish1.txt
>>> /home/chris/phish1.txt: Access denied. ERROR
>>>
>>> I can't figure out why I keep getting this Access denied error. Anyone
>>> with any ideas?
>>>
>> Because you didn't RTFM. :-)
>>
>> clamdscan passes the file name to clamd, which tries to open it. clamd is
>> normally running as an unprivileged user so unless the file is world
>> readable (or readable by the clamd process), you get that error
>>
>> Sent the file to STDIN and you solve the problem
>>
>> clamdscan -
>>
> Thanks Chris, guess the Fine Manual wasn't clear enough to me.
>
>

There IS another option though.

The recommended way to run clamd is to run it as non-root user. Meaning it may have some permission problems if not properly setup. The alternative solutions are :
- Use STDIN, which might introduce some overhead (read file -> stream -> saving stream)
- Change clamd's user to match your application (most likely mail server) user
- Add clamd's user to app's group, and activating AllowSupplementaryGroups on clamd.conf
- Run clamd as root

The best choice depends on what you're using it for.

Regards,

Fajar
Re: [Clamav-users] Trying to get ClamAV/Amavis running on Debian. I have R the FM.
[EMAIL PROTECTED] wrote:
>> The trick in my case, a MDV distro was to change the clamd user to
>> amavis in /etc/clamd.conf and clamd is now used happily by amavis. This
>> may not be the very correct way but it works and so far nothing else
>> seems to be broken.
>> The time for scanning e-mail is now a small fraction it used before.
>> Thomas
>>
>
> Yeah, that's one of the first things I did, but still no joy.
>
> I'm thinking it's likely an amavis issue rather than a clamav issue, so
> I've posted the same info to the amavis mailing list.
>
> I'm sure I'm just overlooking something simple, but I've spent a couple
> days now trying to find it.
>
>

Does clamdscan work?
Sometimes simply changing clamd's user to amavis doesn't work, as /var/run/clamav is still owned by clamav user. To eliminate all user/perm issues, I suggest you try User root first, disable selinux (if you have it on), and try clamdscan. After it works, try amavis.

Regards,

Fajar
Re: [Clamav-users] clange log...
Steve Holdoway wrote:
> I'm trying to find the changelog for 0.91.1. Can anyone point me towards it?
>
>

The obvious one would be within the clamav source code, but I'm guessing you don't want to download a 12MB file just to see the changelog :)

I have a copy on http://clamav.or.id/stable/ChangeLog-0.91.1 but I believe what you're just looking for is this:

Mon Jul 16 21:52:08 CEST 2007 - V 0.91.1
* Bugfixes:
- libclamav/others.c: bump f-level
- libclamav/unrar/unrarvm.c: fix another occurrence of bb#555, thanks to Ludwig Nussel
- sigtool/sigtool.c: increase MAX_DEL_LOOKAHEAD, requested by Sven
- libclamav/scanner.c: don't search for embedded PEs in zip files larger than 1 MB (bb#573)
- clamav-milter: Fix memory leak when load balancing
- clamav-milter: Chroot handling no longer marked as experimental
- libclamav/nsis: fix macro collision on AIX - bb#570
- libclamav/phishcheck.c: fix (null) FOUND
- libclamav: rename x86 macroes due to collisions on HPUX
- libclamav: Fix warnings on HP-UX

Regards,

Fajar
Re: [Clamav-users] Update Virus Dat Files on Standalone
Milich Gregory A (Greg) wrote:
> Yes, I could download the dat from an internet connected PC, put on a CD
> And then carry to standalone. Once uploaded to a directory on the
> standalone PC would I run freshclam to update the dat files?
>
>

If you use clamscan, then no issue there. You need to put the correct files (*.cvd) on the correct db directory, with enough permission to allow the user running clamscan to read it, then you're set to go.

However, if you use clamd/clamdscan, you need to take caution in how you copy the files. Clamd periodically checks its database directory for db modifications. If during that check it found incomplete db (for instance, because copying from CD is slow), clamd will complain about it and die. To be safe, you should restart clamd after copying the new virus db.

Regards,

Fajar
Re: [Clamav-users] Update Virus Dat Files on Standalone
Axel C. Frinke wrote:
> Hello,
>
> since I am only connected to the Internet by a 56K Modem, that topic
> is also interesting for me:
>
> On 2007-07-25 13:01, Milich Gregory A (Greg) wrote:
>
>> It wasn't clear to me (from the documentation) if freshclam did anything
>> Special to "install" the cvd files. If I can just periodically download
>> the cvd files from the clamav site and manually put them in the db
>> directory without running anything to "install" them then I'll do it
>> that way.
>>
>
> Does freshclam actually nothing else but downloading main.cvd and
> daily.cvd and storing it in /var/lib/clamav?
>

It does some other things too. Like making sure clamd doesn't get corrupt/incomplete db files, by locking db dir during update and using checksum. And notifying clamd after a successful update, so that the new db is used right away.

> I recently ran freshclam via my dialup connection and it started to
> download main.cvd. After about 15 minutes (33% was downloaded) a
> checksum error occurred and freshclam restarted the download. Thus I
> prefer to download main.cvd and daily.cvd to my USB stick and to copy
> it later to /var/lib/clamav.
>
> If I understood this thread right, this method works correct. But what
> about the checksum check of freshclam?
>
>

As Edwin mentioned, you need to do it manually.
For verifying cvd files, you can use "sigtool -i FILE". It will print "ERROR: cvdinfo: Verification: MD5 verification error" when the checksum is incorrect.

Another method would be to put db files (can be .cvd or third party signatures, like the one from sanesecurity/MSRBL) on a separate directory, and run "clamscan -d /PATH/TO/DB/DIR /SOME/TEST/FILE". clamscan will exit with non-zero error value (50, I think) if the db file is corrupted.

Regards,

Fajar
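The manual checks described in the two messages above (sigtool -i on each .cvd, a trial "clamscan -d" against a clean file, and keeping half-copied files away from clamd) combined into one routine, as an added example that is not part of the original posts. The SIGTOOL/CLAMSCAN override variables, the staging directory name and the assumption that the database directory and its parent sit on the same filesystem are this example's own.

```shell
#!/bin/sh
# Added example: verify databases copied from CD/USB before clamd can see them.
# SIGTOOL and CLAMSCAN can be overridden (assumption of this example) so the
# routine can be exercised with stand-in programs.
SIGTOOL=${SIGTOOL:-sigtool}
CLAMSCAN=${CLAMSCAN:-clamscan}

# Print a reason and remove the staging area; callers then return non-zero.
_db_fail() {
    echo "install_clamav_db: $1" >&2
    rm -rf "$stage" "$clean"
}

# install_clamav_db SRC_DIR DB_DIR
#   SRC_DIR  directory holding the downloaded *.cvd files (CD, USB stick)
#   DB_DIR   the live database directory, e.g. /var/lib/clamav
# Returns 0 only when every file passed both checks and was moved into DB_DIR.
install_clamav_db() {
    src=$1; db=$2
    if [ ! -d "$src" ] || [ ! -d "$db" ]; then
        echo "usage: install_clamav_db SRC_DIR DB_DIR" >&2
        return 2
    fi

    # An empty file is enough for the trial scan.
    clean=$(mktemp) || return 1
    # Stage NEXT TO the live directory, not inside it: the slow copy from
    # removable media happens where clamd's periodic check never looks, and the
    # final mv is a rename (assumes both directories share a filesystem).
    stage=$(mktemp -d "$(dirname "$db")/clamav-stage.XXXXXX") || {
        rm -f "$clean"; return 1; }

    count=0
    for f in "$src"/*.cvd; do
        [ -f "$f" ] || continue
        cp "$f" "$stage/" || { _db_fail "copy of $f failed"; return 1; }
        count=$((count + 1))
    done
    [ "$count" -gt 0 ] || { _db_fail "no .cvd files in $src"; return 1; }

    # Check 1: sigtool -i verifies the checksum stored in the CVD. Treat a
    # non-zero exit or any "ERROR" in its output as a rejected file.
    for f in "$stage"/*.cvd; do
        if ! out=$("$SIGTOOL" -i "$f" 2>&1); then
            _db_fail "sigtool rejected $(basename "$f")"; return 1
        fi
        case $out in
            *ERROR*) _db_fail "sigtool reported: $out"; return 1 ;;
        esac
    done

    # Check 2: load the staged directory and scan a clean file. Exit code 0
    # means the databases loaded and nothing was found; anything else fails.
    if ! "$CLAMSCAN" -d "$stage" "$clean" >/dev/null 2>&1; then
        _db_fail "clamscan could not use the staged databases"; return 1
    fi

    # Make the files readable by the scanning user, then rename into place.
    for f in "$stage"/*.cvd; do
        chmod 644 "$f" && mv -f "$f" "$db/" || {
            _db_fail "install of $(basename "$f") failed"; return 1; }
    done
    rm -rf "$stage" "$clean"
    echo "installed $count database file(s) in $db; restart clamd now"
}
```

Run it as a user allowed to write to the database directory and its parent, then restart clamd as the post above advises.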
Re: [Clamav-users] Missing Freshclam after upgrade to clamav-0.90.3-1.fc7
Graeme Nichols wrote:
> Hello Dennis,
>
> I have already done that. There is *no* freshclam on my system I'm afraid.
>
>
> The clamav-0.90.3-1.fc7 package installed OK according to the above.
>
> Anyone any ideas please?
>
>

Try "yum provides freshclam"

Regards,

Fajar
Re: [Clamav-users] SelfCheck of clamd does not work!
Matthias Hank wrote:
> No other entries in clamav.log since 10:59:11 ...
>
>
>
> BTW: On one of my other servers, SelfCheck does strange things too.
> Even if it is configured to do Selfcheck each 300 secs, it does what it wants:
>
> Mon Jan 14 10:08:45 2008 -> SelfCheck: Database status OK.
> Mon Jan 14 10:15:20 2008 -> SelfCheck: Database status OK.
>
> This is on debian/4.0
>
> On a FreeBSD Machine, it checks exactly each 300 secs:
>
> Jan 14 11:02:21 scan1 clamd[557]: SelfCheck: Database status OK.
> Jan 14 11:07:22 scan1 clamd[557]: SelfCheck: Database status OK.
>

Is this FreeBSD by any chance a busy mailserver? I seem to recall that SelfCheck is queued, and only performed when a scan request comes in.

Regards,

Fajar
Re: [Clamav-users] freshclam complains about /etc/clamd.conf ?
> On Jan 15, 2008 11:54 AM, Per Jessen <[EMAIL PROTECTED]> wrote:
>
>> I'm not using clamd - any reason why freshclam should complain
>> about /etc/clamd.conf ?
>>
>>

There should be an entry NotifyClamd on freshclam.conf. When told to notify clamd, freshclam will look for a way to notify clamd (either TCP/IP or unix socket) by parsing clamd.conf. In your case, clamd.conf contains an invalid (for 0.92 anyway) option.

Regards,

Fajar
Re: [Clamav-users] Version 0.92.1 - can no longer install to non-standard directory
Roberto Ullfig wrote:
> Roberto Ullfig wrote:
>
>> Well, it's the final destination for the repository but not for the
>> actual installations (/usr/local). I suppose I'll need to compile it
>> twice then, once for each location even though it never gets run from
>> the repository.
>>
>>
>>
> No, that's not going to work since the copy in our repository needs to
> be identical to the copy that gets installed in /usr/local. We copy the
> files from the repository to /usr/local when we clone a new server.
>

I believe this is the same situation with building an RPM package. It starts by compiling with --prefix=/usr --sysconfdir=/etc (and so on), but during a "make install", it sets a DESTDIR=/tmp/clamav.root (or similar) so the files will be in /tmp/clamav.root/usr/bin, /tmp/clamav.root/usr/lib, /tmp/clamav.root/etc, and so on.

Incidentally, is there a reason why you're not using some kind of package management like rpm? Openpkg uses rpm for cross-platform (including Solaris and BSD) package management. It also has clamav-0.92.

Regards,

Fajar
Re: [Clamav-users] Clamav 0.92.1 for Solaris 8
Alonso, Claudio Fabian wrote:
> Good morning,
> I'd like to know if you are planning to include in the download page a
> complied version of clamav-0.92.1 for Solaris 8 as you did for previous
> versions.
>

I assume your mail is intended for me :D
To tell the truth, I've been kinda holding back building 0.92.1 binaries, mostly because of some bugs mentioned (for example) on http://lurker.clamav.net/message/20080212.151501.833f926c.en.html

Strangely enough, when I try it today I get these results:

bash-2.03# uname -a
SunOS 5.8 Generic_108528-13 sun4u sparc SUNW,UltraAX-i2
bash-2.03# clamd --version
ClamAV 0.92.1/5901/Thu Feb 21 09:26:03 2008

It works correctly. So perhaps the bug is somewhere in the build environment, not in the source code. As usual, my binary build is available on http://clamav.or.id

As Peter pointed out though, if you also use a lot of blastwave packages you MIGHT be better off with their binary (assuming they've fixed the bug). In my case, the original reason I make my own build is that I can't use blastwave packages on Sol8 because I'm not allowed to patch the OS to match blastwave's requirement.

Regards,

Fajar
Re: [Clamav-users] Problem installing clamav 0.92.1
SINDELAR Stefan wrote:
> Morning everyone,
>
> I have problems to install clamav 0.92.1 on Solaris 8 with GCC 3.4.6.
> Below you can see the messages while configure and install it:
>
>

The easy way would be to use a precompiled binary, either from blastwave.org or clamav.or.id. I have no idea what caused your error, but my Sol8 is loaded with gnu tools (gcc, binutils, etc.) and I can compile clamav successfully with that :)

However, seeing this message:

"../libtool: gcc: command not found"

Is gcc available in search path?

Regards,

Fajar
Re: [clamav-users] I have no idea if my emails are getting through.
On Wed, Jul 25, 2018 at 4:11 AM, wrote:
> Thank you very much, I was a little worried but now I'm sure everything is
> fine.
> (I guess nobody wants to help me though, which somehow makes me worry even
> more!)
> Haha... uhhh..
> Well thanks again though, of course. I hope I am actually asking my
> question in the right place. I'm just trying to setup ClamAv on a windows10
> os system with no internet connection but I'm too stupid to do that without
> a step by step list for dummies... I hope it's not too annoying If I repost
> my question every now and then and hope someone helps me. I really wonder
> why it's not easier to setup on windows, like all pre-packaged in an
> installer or something, latest version loaded with the latest virus
> signatures etc. I'm just too stupid to get this working.
>
>
>

I'm not sure what the latest state of windows support is. Judging by lack of responses that you find helpful, not many people use it either. Your 'no internet connection' makes it more complicated. Don't expect people to waste their time testing the steps FOR you if they don't use it themselves, especially for an unusual setup.

I know that in the past clamwin (http://www.clamwin.com/) used to be the 'easy' way to setup clamav on windows, so if you have problems installing you might want to try that. Latest signatures is AFAIK not bundled with the installation, since it changes often. You should be able to install it on another machine, then copy the database files over.

--
Fajar
[Clamav-users] database.clamav.net mirror
Hi all

Thought I just start a new thread here instead of adding the "Nude links" thread.

Although http://www.clamav.net/doc/mirrors/clamav-mirror-howto.txt contains complete instructions on how to setup a database mirror, it says nothing about web page mirror. Is it possible to setup a web page mirror?

Another thing. How does the current dns server for database.clamav.net work? Does it simply choose a host at random (like Bind without zones does)? It seems that way, judging from

" database.clamav.net is a round robin record that tries to equally balance the traffic between all the database mirrors "

You could get better performance using zones in Bind or by using tinydns, to map certain host to certain client address. That way, client in Europe would get mirror in Europe, and so on.

I'm signing up for the zone clamav.or.id, and I was hoping it could be used as clamav web and database mirror in Indonesia.

Regards,

Fajar Nugraha
Re: [Clamav-users] clamav.*
That won't work right away. Folks at clamav.net / sourceforge should also add www.clamav.de as their virtual host. Otherwise, you'll get errors such as this:

bash-2.03# telnet 66.35.250.210 80
Trying 66.35.250.210...
Connected to 66.35.250.210.
Escape character is '^]'.
GET / HTTP/1.0
Host: www.clamav.de

HTTP/1.1 200 OK
Date: Fri, 12 Dec 2003 09:19:01 GMT
Server: Apache/1.3.26 (Unix) PHP/4.1.2
Last-Modified: Fri, 07 Sep 2001 18:23:40 GMT
ETag: "b5a9-264-3b9910ac"
Accept-Ranges: bytes
Content-Length: 612
Connection: close
Content-Type: text/html

SourceForge.Net
You have probably reached this page in error.
//=remaining html removed

When you should get this:

bash-2.03# telnet 66.35.250.210 80
Trying 66.35.250.210...
Connected to 66.35.250.210.
Escape character is '^]'.
GET / HTTP/1.0
Host: www.clamav.net

HTTP/1.1 200 OK
Date: Fri, 12 Dec 2003 09:19:50 GMT
Server: Apache/1.3.26 (Unix) PHP/4.1.2
Last-Modified: Thu, 11 Dec 2003 13:27:22 GMT
ETag: "1912f4-1630-3fd870ba"
Accept-Ranges: bytes
Content-Length: 5680
Connection: close
Content-Type: text/html

http://www.w3.org/TR/html4/loose.dtd">
//=remaining html removed

Fajar

Thomas Lamy wrote:

I just registered clamav.de, with www.clamav.de being CNAME www.clamav.net

Thomas
[Clamav-users] ClamAV/1.0 ?
Hi all,

I just processed some web statistics for database.clamav.net's mirror on my server, and I found 744 connections, in one day, from the same IP address, all requesting daily.cvd and main.cvd, with the user agent "ClamAV/1.0" instead of the usual "clamav/0.65" or "clamav/devel-2003"

Anybody know whether this is a new pre-alpha release, or a user-customized version, or is it a new virus? 744 updates per day from the same IP seems way too much to be normal.

Regards,

Fajar A. Nugraha
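One way a mirror operator could pull a client like the one described above out of the web server log, as an added example that is not part of the original post. The Apache combined log format, the addresses (documentation ranges), the generated sample lines and the threshold of 48 database requests per client per day are assumptions of this example.

```shell
#!/bin/sh
# Added example: report clients whose main.cvd/daily.cvd request volume or
# User-Agent differs from what stock freshclam produces.

# cvd_request_report LOGFILE [LIMIT]
# Reads an Apache combined-format access log and prints one line per
# (client, day) that exceeds LIMIT database requests (default 48, an assumed
# value) or whose User-Agent does not start with "clamav/".
cvd_request_report() {
    awk -F'"' -v limit="${2:-48}" '
        # $2 is the request line, $6 the User-Agent (fields split on quotes)
        $2 ~ /^GET [^ ]*\/(main|daily)\.cvd / {
            split($1, pre, " ")          # pre[1]=client, pre[4]="[dd/Mon/yyyy:hh:mm:ss"
            day = pre[4]
            sub(/^\[/, "", day)
            sub(/:.*/, "", day)
            key = pre[1] " " day
            hits[key]++
            if ($6 !~ /^clamav\//) odd[key] = 1
        }
        END {
            for (key in hits)
                if (hits[key] > limit + 0 || odd[key])
                    printf "%s hits=%d volume=%s agent=%s\n", key, hits[key],
                        (hits[key] > limit + 0 ? "HEAVY" : "ok"),
                        (odd[key] ? "unusual" : "usual")
        }' "$1" | sort
}

# _log_line FILE CLIENT MINUTE_OF_DAY PATH AGENT : append one constructed entry
_log_line() {
    printf '%s - - [12/Jan/2004:%02d:%02d:00 +0700] "GET /%s HTTP/1.0" 200 1024 "-" "%s"\n' \
        "$2" "$(($3 / 60))" "$(($3 % 60))" "$4" "$5" >> "$1"
}

# make_sample_log FILE
# Writes a CONSTRUCTED log: one client updating every two hours (24 requests)
# and one client sending 744 requests with the "ClamAV/1.0" agent string.
make_sample_log() {
    : > "$1"
    i=0
    while [ "$i" -lt 12 ]; do
        _log_line "$1" 198.51.100.7 "$((i * 120 + 22))" daily.cvd "clamav/0.65"
        _log_line "$1" 198.51.100.7 "$((i * 120 + 22))" main.cvd  "clamav/0.65"
        i=$((i + 1))
    done
    i=0
    while [ "$i" -lt 372 ]; do
        _log_line "$1" 192.0.2.44 "$((i * 3))" daily.cvd "ClamAV/1.0"
        _log_line "$1" 192.0.2.44 "$((i * 3))" main.cvd  "ClamAV/1.0"
        i=$((i + 1))
    done
}
```

Against the constructed log, only the 192.0.2.44 client is reported; the client that updates every two hours stays below the limit and is not listed.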
Re: [Clamav-users] freshclam ERROR: Can
That's permission problem. Or to be more specific, permission on clamav's database directory (/usr/local/share/clamav).

An easy solution is to run clamav (including freshclam) as root (check your ./configure command line, clamav.conf, command line path to freshclam, and on newer snapshots freshclam.conf)

A more secure way is to chown the db directory to clamav user.

Regards,

Fajar Nugraha

[EMAIL PROTECTED] wrote:

Hi Roberto, Did you get a answer to your problem? I'm having exactly the same problem on Solaris 9 running clamav 0.65.

I'm afraid not. I've upgraded to 0.65, but the problem stays exactly the same. In fact, when I want to update the virusdb, I do it manually using a bash script I've written on purpose. If anyone would like more information to determine what the problem is, I'll be happy to help.

Kind regards
Re: [Clamav-users] database not being updated
Assuming you use recent clamav version (preferable devel), compile clamav with default settings for clamav user, and your database directory is /usr/local/share/clamav, try

chown -R clamav /usr/local/share/clamav

Newer versions of freshclam will automatically switch to clamav user, or the user specified in freshclam.conf even if you run it as root.

Fajar Nugraha

Payal Rathod wrote:

Hi, On one machine where I had forgotten to update the database for 2 months, I am getting an error,

# freshclam
Current working dir is /usr/local/share/clamav
Checking for a new database - started at Fri Jan 9 08:30:45 2004
Connected to clamav.elektrapro.com.
Reading md5 sum (viruses.md5): OK
Reading md5 sum (viruses2.md5): OK
ERROR: Can't open new file ./36eb2f105cde6e69 to write
open: Permission denied
ERROR: Can't download viruses.db from clamav.elektrapro.com
Checking for a new database - started at Fri Jan 9 08:30:46 2004
Connected to clamav.ozforces.com.
Reading md5 sum (viruses.md5): OK
Reading md5 sum (viruses2.md5): OK
ERROR: Can't open new file ./57663653efc556b7 to write
open: Permission denied
ERROR: Can't download viruses.db from clamav.ozforces.com
Checking for a new database - started at Fri Jan 9 08:30:47 2004
Connected to clamav.essentkabel.com.
Reading md5 sum (viruses.md5): ...

What is the cause and solution of this?

With warm regards,
-Payal
Re: [Clamav-users] freshclam updates failing: sudden appearance of "ERROR: Verification: MD5 verification error."
Same here. BTW, which MD5 does freshclam check for *.cvd? I know there's viruses.md5 and viruses2.md5, but I don't see main.md5 or daily.md5. Is it possible that the main.cvd and the daily.cvd was broken?

===
--
ClamAV update process started at Mon Jan 12 06:22:55 2004 *(NOTE : GMT +0700)*
main.cvd is up to date (version: 14, sigs: 19601, f-level: 1, builder: tomek)
daily.cvd is up to date (version: 83, sigs: 247, f-level: 1, builder: diego)
--
ClamAV update process started at Mon Jan 12 08:22:55 2004
ERROR: Verification: MD5 verification error.
Trying again...
ClamAV update process started at Mon Jan 12 08:22:57 2004
ERROR: Verification: MD5 verification error.
Trying again...
ClamAV update process started at Mon Jan 12 08:22:58 2004
ERROR: Verification: MD5 verification error.
Giving up...
ClamAV update process started at Mon Jan 12 08:22:59 2004
ERROR: Verification: MD5 verification error.
Trying again...
ClamAV update process started at Mon Jan 12 08:23:01 2004
ERROR: Verification: MD5 verification error.
Trying again...
ClamAV update process started at Mon Jan 12 08:23:02 2004
ERROR: Verification: MD5 verification error.
Giving up...
--

Regards,

Fajar Nugraha

OpenMacNews wrote:

still no joy at 17:50 PST ...

ERROR: Verification: MD5 verification error.
Trying again...
ClamAV update process started at Sun Jan 11 17:47:54 2004
Reading CVD header (main.cvd): OK
Downloading main.cvd [*]
ERROR: Verification: MD5 verification error.
Giving up...
Re: [Clamav-users] A few enhancements?
Carl Holtje ;021;vcsg6; wrote:

All- I was wondering, if after the melee last evening with the distribution of new definitions, if it would be possible to configure more control over the update process... Specifically, I'd like to think that if I had a mirror site geographically close (relatively) to me, that I would be more likely to use this mirror than one across the globe... something of a priority listing a-la the NTP configuration tag...

Isn't that what mirrors.txt is for? Or /usr/local/etc/freshclam.conf, on newer versions? Just change the first entry in mirrors.txt to your closest mirror. If you use freshclam.conf, just add another DatabaseMirror line before database.clamav.net.
Re: [Clamav-users] problems with spamcop
As this is not a clamav-issue, this message should not be here. However,

Fritz Mesedilla wrote:

How come I got this message from spamcop that I am sending spam? Based on the Mail relay test on abuse.net, I am clean. Besides, I am protected by amavisd-new, clamav, and spamassassin.

As a general rule, DNSBLs can pretty much block whatever they want. No software can 100% prevent you from being listed in at least one DNSBL.

Looking at the link mentioned http://www.spamcop.net/w3m?i=z599828475z2238fb26fc967fc197f197a3717d2d94z

"This report is concerning a web site (* http://www.mesedilla.com *) mentioned in the body of an unwanted email."

which simply means that someone has submitted a spam sample to SpamCop in which your website was mentioned or linked. That's all. It does not say that you send spam, nor that it blocks your mail server in any way.

Regards,

Fajar A. Nugraha
Re: [Clamav-users] Re: Are there any open source virus scanners for windows desktop?
Actually, ClamAV would be a bad option for Win32 desktop scanner, as
- it does not include a code emulation which makes it useless against polymorphic viruses.
- it does not have OLE2 engine which makes it unable to detect practically all macro viruses.
- no frontend currently exists to implement real-time on-access scan on Win32 platform (no clamuko for Windows).

However, it is perfect for "integration with mail servers (attachment scanning)". So if you have a mail server that runs under Win32 (like CommuniGate Pro), and can find (or make) the plugin for clamav (like cgpav), then clamav-win32 might be a good choice.

For on-demand scanner, "clamscan /cygdrive/c" should work.

Fajar Nugraha

Edward Terry wrote:

You can find ClamAV for Windows (implemented via Cygwin) at http://www.sosdg.org/clamav-win32/index.php.

Edward

-Original Message-
From: Antony Stone <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] Are there any open source virus scanners for windows desktop?
Reply-To: [EMAIL PROTECTED]
<
<
<> On Tuesday 13 January 2004 6:56 pm, Ricardo Kleemann wrote:
<> > Hi,
<> >
<> > I use clamav on my linux server...
<> >
<> > But of course I want to protect my windows desktop against
<> > viruses and be able to scan my disks. Am I still stuck with
<> > having to pay Norton or whoever else for a windows scanner?
<> >
<> > Any open source alternatives?
<>
<> I do not know of any Open Source A-V products for Windows,
<
<
<
<--
<
< Please reply to the list; please don't CC me.
<
Re: [Clamav-users] Problems running clamdscan
Jon R. Kibler wrote:

We are having problems getting clamdscan to work. The problem is file permissions. The file being scanned must be either other readable, or it must belong to the clamav user or group. We do not have this problem with clamscan. Any thoughts on how to get clamdscan to read files that the user of the program has permission to access, but which clamd does not have permission to access?

Either :
- recompile : --with-user=, or
- Add in /usr/local/etc/clamav.conf : User

Since my mail server runs as root, I had to set to root

Also, I am not quite sure that I understand the problem... I thought that clamdscan read the file and passed it to clamd for processing. I guess I must misunderstand something here...

AFAIK clamdscan passes file names, not file content.

Regards,

Fajar Nugraha
Re: [Clamav-users] Bagle Virus/Worm Status?
Kevin Spicer wrote:

I guess it depends on how much mail you handle! To put mine in perspective I'm talking a daily load of only about 7000 messages of which only about 3-4000 will be incoming. So probably about 1% of incoming mail is Bagle (that's pretty much in line with the figures message labs are reporting of 1 in 136).

Mine handles over 400.000 incoming email daily but no Bagle hit whatsoever. Here's why: I block all .exe attachments before clamav even sees it :)
Re: [Clamav-users] Multiple stability problems on Solaris 9
Jon R. Kibler wrote:

Hello: In the past few days we have experienced multiple stability problems with clamav. Here is our environment:
Solaris 9 (sparc)
mimedefang 2.36 w/ sendmail 8.12.10
clamav 0.65

Isn't 0.65 known to have problems? I use daily snapshot (devel-20040115) and it works fine so far.

This was submitted to [EMAIL PROTECTED] yesterday... just curious, is there any type of acknowledgment that we should expect from such submittals?

Some acknowledgments are in ChangeLog.

Here is an example of the problem from today. The previous entry in the log was from an hour earlier and all was OK. We discovered freshclam had died (with no notice sent) when we were preparing the documentation for the clamd problem. We received no notice that freshclam had any problems or had died.

I use freshclam -d on Solaris9, and it didn't die during "Malformed CVD header" period.

ClamAV update process started at Tue Jan 20 23:28:04 2004
main.cvd is up to date (version: 18, sigs: 19810, f-level: 1, builder: tomek)
daily.cvd is up to date (version: 94, sigs: 488, f-level: 1, builder: diego)
--
ClamAV update process started at Wed Jan 21 01:28:04 2004
ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from clamav.antispam.or.id (202.134.0.71)
Trying again...
ClamAV update process started at Wed Jan 21 01:28:05 2004
ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from clamav.antispam.or.id (202.134.0.71)
Trying again...
ClamAV update process started at Wed Jan 21 01:28:06 2004
ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from clamav.antispam.or.id (202.134.0.71)
Giving up...
ClamAV update process started at Wed Jan 21 01:28:06 2004
ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from database.clamav.net (202.134.0.71)
Trying again...
ClamAV update process started at Wed Jan 21 01:28:08 2004
ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from database.clamav.net (202.134.0.71)
Trying again...
ClamAV update process started at Wed Jan 21 01:28:09 2004
ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from database.clamav.net (202.134.0.71)
Giving up...
--
ClamAV update process started at Wed Jan 21 03:28:09 2004
main.cvd is up to date (version: 18, sigs: 19810, f-level: 1, builder: tomek)
daily.cvd is up to date (version: 94, sigs: 488, f-level: 1, builder: diego)

CLAMD PROBLEMS:
===
Yesterday, just before 11:00 we started getting all sorts of 'strange' mimedefang errors -- none of which were 'problem running virus scanner'. Checking, we found that clamd was not running. (We use clamdscan in mimedefang, not clamd directly, as it appears to be somewhat better at catching some viruses.) Notice that it appeared to die the first time shortly after finding 'Worm.Gibe.F' -- with no indication of why it died. (The virus hit was successfully passed back to mimedefang.)

The problem might be in

" Mon Jan 19 12:04:37 2004 -> Mail files support enabled. "

Try commenting ScanMail on clamav.conf. I don't know how stable (or reliable) ScanMail support is now, but since you use mimedefang you won't need clamd to unpack attachments. Disabling it will at least reduce scanning time a little.

Regards,

Fajar A. Nugraha
[Clamav-users] Archive : File size limit exceeded. ERROR
Hi,

When I change clamav.conf to have

ArchiveMaxFileSize 1M

and send 1.5M zip, I got

Fri Jan 30 11:25:33 2004 -> /var/spool/exim/scan/1AmQDh-0003c9-1N/1AmQDh-0003c9-1N-0.zip: File size limit exceeded. ERROR

Shouldn't clamd just IGNORE it instead of saying ERROR?

clamd / ClamAV version devel-20040130

Regards,

Fajar A. Nugraha
Re: [Clamav-users] Clam + OS X (10.3.2) and CommuniGatePro
OpenMacNews wrote:

> hi, it works beautifully!

I use Tru64 + CGP 4.1.6 + clamav devel-20040115 + cgpav and it works fine too.

> this should get you at least started =) warning ... this is a sloppy copy/paste from my notes ...

Nice. Haven't tried it, but

> ./configure \
>   --prefix=/usr/local \
>   --enable-cxx \
>   --enable-fft \
>   --enable-mpbsd \
>   --enable-mpfr \
>   --enable-shared \
>   --disable-static

cgpav says you need to have --with-user=root, as clamd will need to read files in CGP's Queue directory. In *nix only root can do that. Don't know about your xServe.

> # setup a crontab entry to refresh/update your virus db
> (EDITOR) /etc/crontab
> +++
> 40 */4 * * * root /usr/local/clamav/bin/freshclam --quiet --log=/var/log/freshclam.log --datadir=/var/clamav_db

An alternative would be to start freshclam as daemon, e.g. with -d. Also note that freshclam syntax for newer snapshots (and the next official release) has changed to include an additional configuration file (freshclam.conf).

> sender_notification = true
> recipients_notification = false
> postmaster_notification = true
> postmaster_account = postmaster

Do you really want these? It means postmaster will get notification for every virus caught. I would prefer to look at clamd's log, but it's your choice. Sender will also get an extra notification, which in my point of view is useless since CGPro already rejects the infected mail (thus returning it to the sender).

> CREATE a SERVER WIDE CGP RULE

You should also add rules to disable rejection and notification for certain viruses. Worms (SCO/Doom/Klez/etc) use faked sender, so it's useless to send bounces or notifications. Remember, CGP's behavior is queue -> filter -> deliver/reject, so by default there will always be bounces. Simply bouncing all viruses will create unnecessary (and lots of extra) traffic.
[Clamav-users] daily tarball snapshot
http://www.clamav.net/snapshot/

Is there a reason why the latest snapshot (and several before that) have 1K file size (and are, of course, unusable)?

Regards,
Fajar A. Nugraha
Re: [Clamav-users] long startup time with recent clamav snapshots?
Alexander Bochmann wrote:

> Hi, I've been successfully running a clamav devel-20031128 snapshot on my OpenBSD 3.3 box to scan mail via smtp-vilter for quite some time now (it's a bit low-end hardware, K6/233). I tried twice to upgrade to newer snapshots (specifically, clamav-devel-20031204 and clamav-devel-20040127), but somehow clamd as well as freshclam need an incredibly long time for startup with extremely high CPU usage (didn't wait for the end, I killed both after about 5 minutes). Nothing like this happens with the 20031128 snapshot.

Not here. I didn't try those particular versions though. The last one (devel-20040203) works fine for me. Note that on every install clamav deletes any existing *.cvd (don't forget to run freshclam before starting clamd), and overwrites /usr/local/etc/*clam*.conf with the default distribution versions, and versions >= 20041229 have freshclam.conf too.
Re: [Clamav-users] long startup time with recent clamav snapshots?
Tomasz Kojm wrote:

> On Tue, 03 Feb 2004 15:54:57 +0700 "Fajar A. Nugraha" <[EMAIL PROTECTED]> wrote:
>> starting clamd), and overwrite /usr/local/etc/*clam*.conf with the
>
> No, it doesn't.

Right, my mistake. I seem to remember losing my clamav.conf and getting the one from the distribution a long time ago. Since then I use an auto-updater script which backs up my conf, downloads and installs the latest devel, and restores clamav.conf and freshclam.conf automatically. It certainly doesn't overwrite existing conf now.
Re: [Clamav-users] Contents of DBDIR
Justin wrote:

> After getting 20040203 to compile tonight on my RH 9 box, I ran into trouble starting the new daemon. It was convinced I had a "Malformed Database." The old version of clamd I was running didn't seem to think so. I remembered reading something about clamd picking up all files in the DBDIR and reading them as if they were a ClamAV's official cvd files. The contents of my /usr/local/share/clamav were a bit of a mystery to me.
>
> -rw-r--r-- 1 clamav clamav 434176 Jan 7 21:19 b8946eefa674d8c5
> -rw-r--r-- 1 clamav clamav 51709 Feb 4 00:21 daily.cvd
> -rw-rw-r-- 1 clamav clamav 0 Feb 4 00:20 main.cvd
> -rw-rw-r-- 1 clamav clamav 60 Feb 4 00:20 mirrors.txt
> -rw-r--r-- 1 clamav clamav 1037239 Jan 27 08:03 viruses.db
>
> I didn't recognize b8946eefa674d8c5, which I assumed to be an abandoned temp file.

Yup. That's it.

> I also didn't know why my main.cvd was empty or why my viruses.db hadn't been updated since the 27th.

AFAIK, for every new install clamav always zeroes out main.cvd and daily.cvd. The real mystery is why you have non-zero daily.cvd but zero main.cvd.

> I eventually backed up this directory and removed its contents. Rerunning freshclam downloaded to fresh copies of viruses.db and daily.cvd. That instance of freshclam claimed it was downloading main.cvd as well, although that file never appeared.

I think it's the b8946eefa674d8c5. The download wasn't completed because of (perhaps) network error.

> [EMAIL PROTECTED] /usr/local/share/clamav]#> freshclam
> ClamAV update process started at Wed Feb 4 00:24:25 2004
> Reading CVD header (main.cvd): OK
> Downloading main.cvd [*]
> viruses.db updated (version: 19, sigs: 19987, f-level: 1, builder: ddm)
> Reading CVD header (daily.cvd): OK
> Downloading daily.cvd [*]
> daily.cvd updated (version: 119, sigs: 625, f-level: 1, builder: ddm)
> Database updated (20612 signatures) from database.clamav.net (64.74.124.90).
>
> Everything seems to be running smoothly now. I wonder though, should I have a main.cvd?

yes

> Should I have a mirrors.txt?

not with newer snapshots. You should have freshclam.conf. There's an entry DatabaseMirror which lets you choose your favorite (closest) mirror.

Regards,
Fajar A. Nugraha
ClamAV Binaries (WAS Re: [Clamav-users] RE: Build on Solaris problem)
Alex S Moore wrote:

> I plan to talk with our head guy at blastwave.org and hopefully will provide packages for Solaris 8 and 9 for SPARC and x86 soon. Clamav is a great product and I want to do whatever I can to help it grow in popularity.

Wonder why nobody provides official Solaris binaries yet. If anybody needs it you can get unofficial binaries built from daily snapshot on http://clamav.or.id/ (Sparc, AIX, and OSF). Updated daily. Don't have Solaris x86 though.
Re: [Clamav-users] CG Pro and ClamAV finds virus but can't find it when scanning with clamscan manually
Kristof Hardy wrote:

> Hi, Just wondering (i'm trying to understand), my CG Pro and ClamAV find the virus in the message correctly. The msg is discarded and put in Quarantine. Ok, so I tried a manual scan afterwards on this .msg file with clamscan (example below) but it can't find a virus. Is there a reasonable explanation for this or am I missing something?

Interesting. Can you make the .msg file available online? I'd like to see it.

> System is Red Hat 9, running CgPro and cgpav-1.3

What? A 1.3 already? I didn't know. Thanks for mentioning.

> with clamav devel 20040128. (is it 'wise' to upgrade to newest devel?)

Devels CAN be unstable. However, they can also contain new features and bug fixes. Personally, I use the recent devel (some of my servers even run daily snapshot, updated daily, automatically). It's your choice.

Regards,
Fajar A. Nugraha
Re: [Clamav-users] CVD (virus database) format & fields
> My question is toward the following: there was a recent discussion in the MailScanner mailing list because Julian Field (the developer) is not only deprecating, but also eliminating, the possibility of 'bouncing' a mail containing a virus back to its (apparent) originator.

What I do is:

- reject virus with 550 SMTP error message at SMTP time, so there is no need to create a bounce message
- if your server can't reject virus at SMTP (CGPro can't), then send bounces for all virus EXCEPT if the name is Worm.*

So far this works fine.

Regards,
Fajar A. Nugraha
Re: [Clamav-users] Freshclam on Win32 issues MD5 verification error
Ignasi Prat wrote:

> Hi Clamav users: I'm running the Clamav Win32 version and it is working pretty well until I try to automatically update the database with freshclam. If I update the database by downloading manually the .CVD files to the "\share\clamav" dir everything is fine. But when I try to run the automatic update tool the result is the following:
>
> C:\clamav-devel\bin>freshclam -v
> Current working dir is /cygdrive/c/clamav-devel/share/clamav
> ClamAV update process started at Thu Feb 5 08:27:13 2004
> Connected to database.clamav.net (213.184.16.3).
> Reading CVD header (main.cvd): OK
> main.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder: ddm)
> Connected to database.clamav.net (213.184.16.3).
> Reading CVD header (daily.cvd): OK
> Downloading daily.cvd [*]
> ERROR: Verification: MD5 verification error.

Which version are you using? I downloaded one from http://www.sosdg.org/clamav-win32/index.php some time ago and it works fine. (never mind the prompt. It's cygwin's bash). I customized mirrors.txt to use my own mirror first.

    $ freshclam.exe
    ClamAV update process started at Thu Feb 5 15:55:03 2004
    Reading CVD header (main.cvd): OK
    Downloading main.cvd [*]
    main.cvd updated (version: 19, sigs: 19987, f-level: 1, builder: ddm)
    Reading CVD header (daily.cvd): OK
    Downloading daily.cvd [*]
    daily.cvd updated (version: 120, sigs: 634, f-level: 1, builder: ddm)
    Database updated (20621 signatures) from clamav.antispam.or.id (202.134.0.71).
    [EMAIL PROTECTED] /c/clamav-devel/bin
    $ freshclam.exe -V
    freshclam / ClamAV version devel-20031125

Regards,
Fajar A. Nugraha
Re: [Clamav-users] CG Pro and ClamAV finds virus but can't find it when scanning with clamscan manually
This is simply because CGP uses non-standard mbox format. e.g. it adds these lines on top:

    P I 04-02-2004 16:35:40 <[EMAIL PROTECTED]> R W 04-02-2004 16:35:40 _FY_ <[EMAIL PROTECTED]> O L

Before the header

    Received: by mail.area013.be (CommuniGate Pro PIPE 4.1.4) with PIPE id 4033392; Wed, 04 Feb 2004 17:35:40 +0100

which makes clamscan --mbox unable to parse it. cgpav was able to rip attachment from that email anyway. If you want to test it yourself, try deleting all lines before "Received" and use clamscan --mbox

Kristof Hardy wrote:

> Thanks, it's available at http://pot.catsanddogs.com/~kristof/40820.msg
> [snip]
> I've only implemented cgpav for ClamAV, our McAfee (1000msg/hour) was always reaching limits, so now ClamAV does a much faster job without delaying the mails :)

So I assume you're not using McAfee anymore? I started with ClamAV since I can't afford other AV and connector license for over 1 million users.

Regards,
Fajar A. Nugraha
Re: [Clamav-users] Freshclam on Win32 issues MD5 verification error
Ignasi Prat wrote:

> I'm running clamav on a Windows XP machine.

Same here

> I've granted all rights to the user in all the clamav tree. The ClamAV was downloaded yesterday, and the compilation seems the same (isn't it ?):
>
> C:\clamav-devel\bin>freshclam -V
> freshclam / ClamAV version devel-20031125

Yup. Should be.

> C:\clamav-devel\bin>freshclam
> ClamAV update process started at Thu Feb 5 10:36:53 2004
> Reading CVD header (main.cvd): OK
> main.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder: ddm)
> Reading CVD header (daily.cvd): OK
> Downloading daily.cvd [*]
> ERROR: Verification: MD5 verification error.
> Waiting 10 seconds...
> ClamAV update process started at Thu Feb 5 10:37:08 2004
> Reading CVD header (main.cvd): OK
> main.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder: ddm)
> Reading CVD header (daily.cvd): OK
> Downloading daily.cvd [*]
> ERROR: Verification: MD5 verification error.
> Waiting 10 seconds...
> ClamAV update process started at Thu Feb 5 10:37:22 2004
> Reading CVD header (main.cvd): OK
> main.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder: ddm)
> Reading CVD header (daily.cvd): OK
> Downloading daily.cvd [*]
> ERROR: Verification: MD5 verification error.
> Waiting 10 seconds...

I specifically delete all .cvd and adjust my mirrors.txt again and it still works fine

    C:\clamav-devel\bin>freshclam
    ClamAV update process started at Thu Feb 5 16:57:43 2004
    Reading CVD header (main.cvd): OK
    Downloading main.cvd [*]
    main.cvd updated (version: 19, sigs: 19987, f-level: 1, builder: ddm)
    Reading CVD header (daily.cvd): OK
    Downloading daily.cvd [*]
    daily.cvd updated (version: 120, sigs: 634, f-level: 1, builder: ddm)
    Database updated (20621 signatures) from 207.201.202.73 (207.201.202.73).

Try granting everyone full control to c:\clamav\devel\share\clamav folder and files. Don't know what else can cause this.

Regards,
Fajar A. Nugraha
[Clamav-users] CVD location on database Mirror : / or /database (WAS Re: [Clamav-users] Freshclam on Win32 issues MD5 verification error)
Ignasi Prat wrote:

> Directly http (at avmirror2.prod.rxgsys.com/database/) downloaded files give this beautiful result:

You know what, your post (and a recent short "fiasco" on my server) made me try out most ClamAV mirrors. The result is quite surprising.

As I recalled, there was an entry on http://www.clamav.net/doc/mirrors/clamav-mirror-howto.txt which says that database are located on /database directory (the content of the file has changed, along with the preferred method of mirroring so I can't find that particular line anymore). Seeing that you download it from avmirror2.prod.rxgsys.com/database/, I guess I'm not the only one that noticed the "/database". So, every mirror SHOULD have /database/main.cvd and /database/daily.cvd, right? WRONG! clamav.datahost.com.ar has *.cvd in /, not in /database

So I try something else. I put an entry in /etc/hosts for database.clamav.net that point to several mirrors one by one, and run freshclam. I also check *.cvd presence in / and /database. Here's the result:

- 200.32.4.47 (clamav.datahost.com.ar) : OK (*.cvd exists only in /, not in /database)
- 203.17.15.197 (clamav.ozforces.com) : NOK. (figures. http://www.clamav.net/mirrors.html shows all red anyway).
- 64.69.64.158 (clamav.gossamer-threads.com) : OK (*.cvd exists in both / and /database)
- 62.210.153.202 (clamav.inet6.fr) : OK (cvd exists on /, /database/*.cvd denied)
- 212.162.12.159 (clamav.e-admin.de) : OK (*.cvd exists in both / and /database)
- 195.70.36.141 (clamav.fisher.hu) : OK (*.cvd exists in both / and /database)

=== stop working here. Seems all which freshclam says work are ones with *.cvd in / ==

Now I try your particular mirror (the ones that made your freshclam failed):

- 199.239.233.95 (clamav-du.viaverio.com) : OK (*.cvd exists only in /, not in /database)
- 64.18.100.4 (clamav.catt.com) : OK (*.cvd exists only in /, not in /database)
- 213.184.16.3 (clamav.man.olsztyn.pl) : OK (*.cvd exists only in /, not in /database)

= end test

Haven't tried old viruses.db*. Some mirrors were not tested.

I guess it's safe to conclude that new versions (mine is devel-20040204) look for *.cvd in /, not in /database. However OLDER versions (in this case devel-20031125, the one used to make Win32 binary) seem to look for *.cvd in /database, which would explain the "Verification: MD5 verification error" : it can't find the cvd it was looking for. So, to make devel-20031125 work you should set your mirrors.txt manually to clamav.gossamer-threads.com, clamav.e-admin.de, or other mirrors which still have *.cvd on /database.

I look at ChangeLog, but there's no mention of database location change. Did I miss the documentation somewhere, or is it simply undocumented?

Regards,
Fajar A. Nugraha
Re: [Clamav-users] downgraded to 0.60 - 0.65 didnt work for me at all sind last days
mario kammerer wrote:

> hi all! i have to say that i had to go back to version 0.60. 0.65 didn't work @ all for me last days since the new worm is out. high processor, everytime messages from clam concerning low memory, socket error, can't save pid and so on and so on. couldn't solve any problem i had with 0.65.

Too bad. I really think the latest devels (not 0.65. Latest devel) is much better. What OS are you using? Have you tried precompiled packages? Lots of precompiled versions available on http://www.clamav.net/binary.html#pagestart

> thanx anyway to users who tried to help me out. 0.60 running now perfectly.

As long as you're happy. You have to upgrade eventually though. Support for viruses.db* could be discontinued in the future.

Regards,
Fajar A. Nugraha
Re: [Clamav-users] Re: downgraded to 0.60 - 0.65 didnt work for me at all sind last days
mario kammerer wrote:

> i tried 0.65 and the latest devel (clamav-devel-20040204) - both have the same errors on my system. i'm running suse 8.2 - kernel 2.4.20-4GB-athlon - the standard one. never had troubles - even with 0.65 but since the new worm is out, my system gets crazy concerning the clamav installation.

I have Suse 8.2 linux 2.4.20-4GB, running on P4. Not a production environment, so I haven't done any stress test yet, but it compiles and runs freshclam and clamd fine.

> nope - i don't like pre-compiled stuff - my complete server is compiled by hand, so mostly the paths will not fit. on compiling clamav i didn't get any error - everything compiles very, very fine.

If you'd like to try precompiled package, try http://clamav.or.id/snapshot/clamav-devel-latest.linux.tar.gz Seeing that you already have gmp (since you can compile OK), and we use same OS (even with different kernel), this should work. I would suggest that you replace your clamav.conf and freshclam.conf with *.conf.linux from my binary. This would eliminate any configuration and permission problem since clamd will run as root. You can change the user and any other config later. Clamd socket will be /tmp/clamd, logs will be in /usr/local/share/clamav. General installation instruction is on http://clamav.or.id

Regards,
Fajar A. Nugraha
Re: [Clamav-users] MD5 error
Thomas Kinghorn wrote:

> Hi List. My platform is RH8, using clamav0.65 This morning I got the log message below:
>
> ERROR: Verification: MD5 verification error.

Perhaps network error or interrupted transfer during mirror update. Freshclam will automatically choose the next available mirror. Usually you can ignore this message. Try running freshclam manually. If you still get this error NOW, you can try updating mirrors.txt or freshclam.conf to use clamav.antispam.or.id. Checked it myself (with freshclam / ClamAV version devel-20040206), and it's OK. Or you could download main.cvd and daily.cvd from any mirror manually, and verify them with sigtool -i.

Regards,
Fajar A. Nugraha
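For readers following the "MD5 verification error" discussion above, here is an added example (not part of the original posts and not ClamAV's own code) of the integrity check a manually downloaded .cvd file can be put through. It assumes the CVD layout of a 512-byte colon-separated header followed by the database, with the header's MD5 field covering the bytes after the header; all function names and the sample data are constructed for illustration.

```python
"""Integrity check of a ClamAV .cvd file (added example, not ClamAV's code).

Assumed layout: a 512-byte, space-padded ASCII header
  ClamAV-VDB:build time:version:sigs:f-level:MD5:dsig:builder[:stime]
followed by the compressed database. The MD5 field is assumed to cover every
byte after the header, and the build time to use '-' instead of ':' in HH-MM.
The digital signature (dsig) is NOT verified here, so a match shows an intact
download, not an authentic one.
"""
import hashlib
import hmac
import re
from dataclasses import dataclass

HEADER_LEN = 512
MAGIC = "ClamAV-VDB"


class CVDError(ValueError):
    """Raised when a file fails the header or MD5 check."""


@dataclass(frozen=True)
class CVDHeader:
    build_time: str
    version: int
    sigs: int
    f_level: int
    md5: str
    dsig: str
    builder: str


def parse_cvd_header(data: bytes) -> CVDHeader:
    """Parse and sanity-check the fixed-size header."""
    if len(data) < HEADER_LEN:
        raise CVDError(f"Malformed CVD header (file is only {len(data)} bytes)")
    fields = data[:HEADER_LEN].decode("latin-1").strip(" \0\r\n").split(":")
    if fields[0] != MAGIC or len(fields) < 8:
        raise CVDError("Malformed CVD header (not a ClamAV-VDB file)")
    try:
        version, sigs, f_level = (int(f) for f in fields[2:5])
    except ValueError:
        raise CVDError("Malformed CVD header (non-numeric field)") from None
    md5 = fields[5].lower()
    if not re.fullmatch(r"[0-9a-f]{32}", md5):
        raise CVDError("Malformed CVD header (bad MD5 field)")
    return CVDHeader(fields[1], version, sigs, f_level, md5, fields[6], fields[7])


def verify_cvd(data: bytes) -> CVDHeader:
    """Return the header if the payload hashes to the header's MD5 field."""
    header = parse_cvd_header(data)
    actual = hashlib.md5(data[HEADER_LEN:]).hexdigest()
    if not hmac.compare_digest(actual, header.md5):
        raise CVDError("MD5 verification error")
    return header


def diagnose(data: bytes) -> str:
    """One-line verdict, phrased like the freshclam messages in the thread."""
    try:
        h = verify_cvd(data)
    except CVDError as exc:
        return f"ERROR: {exc}"
    return (f"OK (version: {h.version}, sigs: {h.sigs}, "
            f"f-level: {h.f_level}, builder: {h.builder})")


def make_sample_cvd(payload: bytes) -> bytes:
    """Build a CONSTRUCTED file in the assumed layout (placeholder dsig)."""
    header = ":".join([MAGIC, "09 Feb 2004 00-00 +0000", "1", "3", "1",
                       hashlib.md5(payload).hexdigest(),
                       "PLACEHOLDER-DSIG", "example"])
    return header.ljust(HEADER_LEN).encode("ascii") + payload


def samples() -> dict:
    """Constructed inputs for the failure modes mentioned in the thread."""
    good = make_sample_cvd(b"constructed signature data\n" * 50)
    return {
        "complete": good,
        "interrupted": good[:-100],   # transfer cut short
        "zero-byte": b"",             # empty main.cvd left in the DB dir
        "error-page": b"<html>404 Not Found</html>".ljust(600),
    }


if __name__ == "__main__":
    for name, blob in samples().items():
        print(f"{name:12s} {diagnose(blob)}")
```

To check a real download, read the file in binary mode and pass its bytes to `diagnose`; `sigtool -i`, as suggested in the post, remains the tool to use for full verification.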
Re: [Clamav-users] MD5 error
Ignasi Prat wrote:

>> My platform is RH8, using clamav0.65
>
> Running clamav0.65 on Win32 also gives me this error message. If the problem persists maybe your issue is the same I have.

I don't think so. He only got the problem this morning. As for your Win32, however, try my precompiled package http://clamav.or.id/snapshot/clamav-devel-latest.cygwin.zip Instructions on http://clamav.or.id/ Built from devel-20040206, this works fine for me.

Regards,
Fajar A. Nugraha
Re: [Clamav-users] MD5 error
Ignasi Prat wrote:

> It must be noticed that main.cvd that is already updated is downloaded and compared correctly. MD5 verification ? download routines that don't work here ?

Don't know about that.

> Machine here is a PII-333 running WinXP.

This binary was compiled on P4 XP, tested on another P4 XP and Xeon W2K. Don't have a PII to try ... Do you have other machine to try it on?

> To gain access to the web (which freshclam reaches) I go across an ADSL router (as many others don't think the problem is here, but I mention for in case it is significative).

Don't think so.

> Do you wish me to try any special logging ?

No. There's nothing else I can do. At this point I can only recommend trying on another machine :)

Regards,
Fajar A. Nugraha
Re: [Clamav-users] clamd monitoring?
Erik Bourget wrote:

> Hello; I've got clamd processing a ton of mail, it does a good job not crashing these days (cvs as of a week or so ago), but the new problem is as bad or worse - the hanging.

I use recent snapshot to handle lots of mail (for over 1 million users). AFAIK, it hasn't hung, nor crashed. How do you set up your clamav.conf? Did you disable timeout, archive size limit, etc? The default config file should work fine.

Regards,
Fajar A. Nugraha
Re: [Clamav-users] clamav daemon
Gareth wrote:

> now, but want to try using the daemon instead. I've looked at Page 7 in the ClamAV PDF, and found I need to edit /etc/clamav.conf, but this file doesn't even exist in my /.etc directory, nor anywhere on my system. Perhaps the documentation is outdated ...

What ClamAV version are you using? Try /usr/local/etc. If you still can't find it, try rebuilding from recent snapshot/CVS. If you still can't get it to work, try my precompiled linux build on http://clamav.or.id/. This build should work out-of-the-box, running as user root (you can change it).

Regards,
Fajar A. Nugraha
Re: [Clamav-users] Bounced messages
Vlad Jebelev wrote:

> is there a version of ClamAV that can detect MyDoom/SCO.A virus in bounced messages? - I've just tried the latest code from CVS and it doesn't seem to work for bounces still. Got plenty of samples if needed.

Could you make the sample available online? I would like to see it too. I use external unpacker (exiscan) to extract attachments. As long as exiscan unpacker works, ClamAV should detect the virus.

Regards,
Fajar A. Nugraha
Re: [Clamav-users] clamd monitoring?
Erik Bourget wrote:

>> these days (cvs as of a week or so ago), but the new problem is as bad or worse - the hanging.
>
> Additional tidbit: When clamd is normally running, pstree shows me:
> clamd --- clamd --- clamd
> When it is hung, I see only
> clamd --- clamd

I don't get it. What do you mean by "hung" anyway? e.g. is it:

- not accepting connections
- consuming enormous amount of resource and making system very slow

> How about this config file?
>
> LocalSocket /var/run/clamd.ctl
> Foreground
> ScanArchive
> ScanMail
> DatabaseMirror database.clamav.net
> StreamSaveToDisk
> ArchiveMaxRecursion 5
> ArchiveMaxFiles 1000
> ArchiveMaxFileSize 10M
> ThreadTimeout 180
> MaxThreads 5
> MaxConnectionQueueLength 15
> PidFile /var/run/clamd.pid
> DataDirectory /var/lib/clamav/
> SelfCheck 3600

Should work. Although personally I'd disable ScanMail, and let external unpacker do the work. Then again, on my system the mail queue format is not standard mbox format, thus clamd and clamscan --mbox was never able to pick up attachments anyway.

No Log whatsoever? I would recommend adding LogVerbose, LogTime, LogFile, and LogFileMaxSize 0. Then see what the log file says. What OS and ClamAV version are you using?

Regards,
Fajar A. Nugraha
Re: [Clamav-users] installation problem - important
Tanmaya Anand wrote:

> hi all, I am new to clamav. I am using linux 7.1 on a PIII machine. When i try the command ./configure --sysconfdir=/etc I get the following message
>
> checking for C compiler default output... configure: error: C compiler cannot create executables

Are you sure your gcc is working? You could also try my precompiled build which should work on RH 7.1 http://clamav.or.id/snapshot/clamav-devel-latest.linux-libc-2.2.5.tar.gz

Regards,
Fajar A. Nugraha
Re: [Clamav-users] Re: making clamav on solaris {Scanned}
Andy Fiddaman wrote:

> On Sun, 8 Feb 2004, Nikolaj Wicker wrote:
> ; i've got to reply to myself ...
> ; i found my mistake: under sunos 5.9 per default /usr/bin/id is being
> ; used which doesn't understand -u (-a will be the choice). another
> ; option is to use /usr/xpg4/bin/id which can deal with "-u".
> (This is from database/Makefile .. (@if test `id -u` -eq 0 && ...)
>
> Yes, but this depends on the SUNWxcu4 package being installed which it isn't on our servers here. I'm not sure what the long term supported status of the XPG4 utilities is (Sun haven't made any 64-bit binary versions available yet) so it may be better to stick to the standard (/usr/bin) utilities.

I use GNU id (sh-utils) 2.0.15 from sunfreeware.com. Works. Although I agree that it would be better if standard utilities work as well.

Regards,
Fajar A. Nugraha
Re: [Clamav-users] clamd monitoring?
Mike Cathey wrote:

>> under daemontools) could restart it. Does anybody have a clean way to detect clamd failure and kill it if it happens?
>
> http://mikecathey.com/code/clamdwatch/ I'd love more feedback on it. ;)

Neat. I'll try it. I suggest you ask Luca to add this script (or link) on ClamAV's web page as an alternative to daemontools on clamd-supervised.

Regards,
Fajar A. Nugraha
Re: [Clamav-users] clamd monitoring?
Erik Bourget wrote:
> It's really not an alternative, but an addition.

Why? With an entry in crontab

*/1 * * * * root /usr/local/bin/clamdwatch.pl -q && ( /usr/bin/killall -9 clamd; rm -fr /var/amavis/clamd; /etc/init.d/clamav-daemon start 2>&1 )

Wouldn't it be the same as checking clamd every minute and restarting it as necessary? Isn't that what daemontools does?

Regards,
Fajar A. Nugraha

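An added example (not part of the thread, and not the clamdwatch script): a liveness probe of the kind the cron entry above relies on, using clamd's PING command, which a healthy daemon answers with PONG. The socket address is an assumption; take it from the LocalSocket or TCP settings in your own clamav.conf.

```python
import socket
import sys


def clamd_alive(address, timeout=5.0):
    """Return True only if clamd answers PING with PONG.

    `address` is a Unix socket path (str) or a (host, port) tuple.
    Every socket operation is bounded by `timeout`, so a daemon that
    accepts the connection but never answers (hung, not dead) is
    reported as down instead of blocking the watchdog.
    """
    family = socket.AF_UNIX if isinstance(address, str) else socket.AF_INET
    reply = b""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            sock.connect(address)
            sock.sendall(b"PING\n")
            # Read until the newline that terminates the reply, with a
            # small cap so a misbehaving peer cannot feed us forever.
            while b"\n" not in reply and len(reply) < 64:
                chunk = sock.recv(64)
                if not chunk:
                    break
                reply += chunk
    except OSError:
        # Covers refused connections, missing socket files and timeouts.
        return False
    return reply.strip() == b"PONG"


def main(argv):
    # Hypothetical command line: <script> /path/to/clamd.sock
    #                        or: <script> 127.0.0.1 3310
    if len(argv) == 2:
        address = argv[1]
    elif len(argv) == 3:
        address = (argv[1], int(argv[2]))
    else:
        print("usage: probe SOCKET_PATH | probe HOST PORT", file=sys.stderr)
        return 2
    return 0 if clamd_alive(address) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Exit status 0 means clamd answered, so a cron wrapper built on this probe would restart the daemon on a non-zero status.
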
Re: [Clamav-users] debian / new database format
Donovan Craig wrote:
> I'm trying to install clamav 0.65-2 with amavis & Exim etc..

I would recommend exiscan + exim instead of amavis + exim. MUCH faster.

> ---> Setting up clamav-freshclam (0.65-2) ...
> [snip]
> Downloading main.cvd [*]
> ERROR: Verification: MD5 verification error. Giving up...
> I've tried a few different mirrors in /etc/clamav/freshclam.conf but keep getting the same response.

Really? Tried clamav.antispam.or.id yet? I manually deleted my *.cvd and ran freshclam; it's OK.

bash-2.03# freshclam
ClamAV update process started at Mon Feb 9 13:04:25 2004
Reading CVD header (main.cvd): OK
Downloading main.cvd [*]
main.cvd updated (version: 19, sigs: 19987, f-level: 1, builder: ddm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
daily.cvd updated (version: 124, sigs: 680, f-level: 1, builder: ccordes)
Database updated (20667 signatures) from clamav.antispam.or.id (202.134.0.71).
Clamd successfully notified about the update.
bash-2.03# freshclam -V
freshclam / ClamAV version devel-20040209

> When browsing the mirrors, it seems that half of them don't have the main.cvd file at all. My previous version of clamav had .db files instead.. What's the situation with the .cvd files?

*.cvd MUST exist in root web (confirmed by Luca). *.cvd entries in database are optional. Most times you wouldn't be able to browse the root dir though.

> Is there a problem with these at the moment?

No. Not a general problem. There might be a problem on one or two mirrors; I haven't checked them all.

> Or is this just the Debian package?

Don't know about that. Try building from a recent snapshot or use my binary on http://clamav.or.id/. My linux binaries should work on Debian.

> Where does clamav get the md5 checksum to check against?

From the cvd files.

bash-2.03# sigtool -i main.cvd
Build time: 27 Jan 2004 12-31 +0100
Version: 19
# of signatures: 19987
Functionality level: 1
Builder: ddm
MD5: 46b4b24055925f69a6d5d7802dbd1479
Digital signature: QwI5dHA0EuDyu+nTowuaUtj30yqEKhpbcV1o5XdkXDiRvqTYowbqh4by/BurpQOPF15XXXODL7b4jY4n9I8Kw/7gdPLwjLgeaqDUA5WRyMtZIlOJFJcCznw/ZYmkk+FQAM9URLmCepwtLZN9uynsUKXdmZE6SVBtk4Dkg//w5Mf
Verification OK.

> Also, I've found that if you have a happy clamav running, then download an update with a bad md5 sum, the application stops when trying to restart. Would it be better to only overwrite the current database if the md5 check is successful,

I don't think this is true. It only overwrites the current database if the md5 check is successful. Try verifying your current *.cvd with sigtool -i. Haven't investigated further though.

Regards,
Fajar A. Nugraha

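An added example (not part of the thread and not ClamAV's own code) of the check discussed above: the MD5 that gets verified is stored in the CVD file's own 512-byte, colon-separated header and covers the data that follows the header. The sketch verifies a downloaded file before it replaces the live one; `install_if_valid` and `make_sample_cvd` are hypothetical helpers, the sample files are constructed, and the digital signature field that sigtool also checks is not verified here.

```python
import hashlib
import os

HEADER_LEN = 512  # fixed-size text header, padded with spaces
FIELDS = ("magic", "build_time", "version", "sigs",
          "f_level", "md5", "dsig", "builder")


def parse_cvd_header(raw):
    """Split the header into named fields; raise ValueError if malformed."""
    if len(raw) < HEADER_LEN:
        raise ValueError("file shorter than the CVD header")
    text = raw[:HEADER_LEN].decode("ascii", "replace").rstrip(" \0\n")
    parts = text.split(":")
    if len(parts) < len(FIELDS) or parts[0] != "ClamAV-VDB":
        raise ValueError("not a CVD header")
    return dict(zip(FIELDS, parts))


def verify_cvd(path):
    """Return the parsed header if the MD5 of the body matches it."""
    md5 = hashlib.md5()
    with open(path, "rb") as fh:
        header = parse_cvd_header(fh.read(HEADER_LEN))
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
    if md5.hexdigest() != header["md5"].lower():
        raise ValueError("MD5 verification error")
    return header


def install_if_valid(candidate, dest):
    """Replace `dest` with `candidate` only after verification succeeds.

    On failure the candidate is deleted and `dest` is left untouched, so a
    bad download can never take the place of a working database. Keep both
    paths in the same directory so os.replace() is an atomic rename.
    """
    try:
        header = verify_cvd(candidate)
    except (OSError, ValueError):
        if os.path.exists(candidate):
            os.remove(candidate)
        return None
    os.replace(candidate, dest)
    return header


def make_sample_cvd(path, body, version):
    """Write a constructed CVD-shaped file (placeholder signature field)."""
    fields = ["ClamAV-VDB", "27 Jan 2004 12-31 +0100", str(version), "1", "1",
              hashlib.md5(body).hexdigest(), "CONSTRUCTED-NOT-A-SIGNATURE",
              "example"]
    header = ":".join(fields).encode("ascii").ljust(HEADER_LEN, b" ")
    with open(path, "wb") as fh:
        fh.write(header + body)


if __name__ == "__main__":
    import tempfile
    workdir = tempfile.mkdtemp()
    live = os.path.join(workdir, "main.cvd")
    new = os.path.join(workdir, "main.cvd.new")
    make_sample_cvd(live, b"old signatures", 18)
    make_sample_cvd(new, b"new signatures", 19)
    print(install_if_valid(new, live))
```

The MD5 only detects corruption in transit; authenticity rests on the digital signature, which `sigtool -i` reports as "Verification OK."
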
Re: [Clamav-users] Re: debian / new database format
Starbane wrote:
I will not install binaries outside of apt, since that is not 'the Debian way' ;) - :)) so if I must, I will look into a different AV solution.

Is there another AV that has apt? AFAIK most vendors provide generic linux binary, not Debian binary.

Regards
Fajar A. Nugraha

Re: [Clamav-users] installation problem - important
Tanmaya Anand wrote:
> Sir, All softwares are getting compiled and installed using gcc. This is the first time I am facing a problem with gcc.

That IS weird then.

> Also, please guide me how to install your precompiled binary.

Installation instructions are on http://clamav.or.id. Snip from web page (adjusted to be linux-specific):

- Get clamav binaries for your platform. You should already have libgmp installed on /usr/lib (this would be http://clamav.or.id/snapshot/clamav-devel-latest.linux-libc-2.2.5.tar.gz)
- Uncompress: gunzip -c clamav-devel-latest.linux-libc-2.2.5.tar.gz | ( cd / ; tar xvf - )
- Create clamav user (or whatever user you choose): useradd clamav
- Fix permissions: chown -R clamav /usr/local/share/clamav
- Copy config files: cp /usr/local/etc/clamav.conf.linux /usr/local/etc/clamav.conf ; cp /usr/local/etc/freshclam.conf.linux /usr/local/etc/freshclam.conf
- Edit clamav.conf: Adjust User, LocalSocket, LogFile, LogFileMaxSize and ArchiveMaxFileSize as needed. You might want to add StreamSaveToDisk, ScanMail, and ScanOLE2. You could leave it as it is and ClamAV will run as user clamav.
- Edit freshclam.conf: Adjust UpdateLogFile, DatabaseOwner, DatabaseMirror, and Checks as needed. You could leave it as it is and freshclam will run as user clamav.
- Run /usr/local/bin/freshclam.
- If all goes well, run '/usr/local/bin/freshclam -d' and '/usr/local/sbin/clamd'
- Test your installation with '/usr/local/bin/clamscan /usr/local/share/clamav/test' and '/usr/local/bin/clamdscan /usr/local/share/clamav/test'. Both should find ClamAV-Test-Signature.

Please address any future installation problem from this binary to me directly, not to clamav-users list.

Regards,
Fajar A. Nugraha

Re: [Clamav-users] Spam filter and clam-av
Claudio Alonso wrote:
> Hello, I'd like to know if you can recommend any spam filter to work together with clamav

It's not related, really. What matters is not your AV scanner, but your mail server or content-filtering software. The best open source spam filter (in my opinion) is SpamAssassin (SA)

> on a Digital Unix server running ZMailer.

Haven't tried ZMailer. Amavis (with variations: ng, d, new, etc) might work as content-filtering software; it should work on any mail server. You can then tell Amavis to use clamav and SA.

Beware though: running spam filtering software could consume more resources than your AV scanner. Running both on a single server could increase your machine load significantly. A less resource-consuming method against spam is to use a DNS-based blacklist.

You may be able to get more information on the SA or amavis mailing list.

Regards,
Fajar A. Nugraha

Re: [Clamav-users] Spam filter and clam-av
Claudio Alonso wrote:
>> The best open source spam filter (in my opinion) is SpamAssassin (SA)
>
> Thanks Fajar, I heard that, but I couldn't get SpamAssassin to compile on Digital (Digital UNIX doesn't seem to provide the snprintf function which is apparently needed by SpamAssassin).

It does, but NOT with the default perl (and perhaps not with the default cc either). I use Tru64 UNIX V5.0A, perl 5.6.1, and gcc 3.3.2 from ftp.thewrittenword.com. Even then I can't use `perl -MCPAN -e shell`. I have to use `perl -MCPAN -e "install Mail::SpamAssassin"`

Since this is not a ClamAV-related issue, please address further email (if any) to me directly, not to clamav-users list.

Regards,
Fajar A. Nugraha

Re: [Clamav-users] RE: Build problems on Solaris
Edmund wrote:
> Alex S Moore wrote:
>> Picked up the CVS source today and ran my build procedures. I have the following error. Where did the '@' sign come from in front of /opt/csw/bin/ginstall? I checked the last successful build output and there was nothing like that in the file. /opt/csw/bin/ginstall does exist.
>
> I'm having the same problem. But it's with the 20040208 build.

All I can say is you WON'T have any problem if you don't have /opt/csw/bin/ginstall :)

I update my binary snapshot daily at http://clamav.or.id. All daily snapshots since February 4 compiled OK on my Solaris 8. I had to install GNU shutils since Solaris' /bin/id doesn't understand 'id -u', but it's not related to your problem.

Regards,
Fajar A. Nugraha

Re: [Clamav-users] 0.65 is deprecated ?
Cedric Foll wrote:
> So we have to use a CVS version or use an external program to extract attachments?

I would say use a CVS version AND use an external program to extract attachments :)

However, with the exim+exiscan patch it's the mail server (or MTA) that does all the mime-ripping. So in a way no "external" program is required: only mail server and virus scanner.

Regards,
Fajar A. Nugraha

O_BINARY breaks non-linux build (WAS Re: [Clamav-users] making clamav under solaris {Scanned})
Nikolaj Wicker wrote:
> trying to compile the latest cvs-code under solaris 9 SPARC with these options: throws this error in libclamav (mbox.c)
> gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./zziplib -g -O2 -c mbox.c -MT mbox.lo -MD -MP -MF .deps/mbox.TPlo -fPIC -DPIC -o .libs/mbox.lo
> mbox.c: In function `saveFile':
> mbox.c:1653: error: `O_BINARY' undeclared (first use in this function)
> mbox.c:1653: error: (Each undeclared identifier is reported only once
> mbox.c:1653: error: for each function it appears in.)

Hi,

Just want to add something. From the ChangeLog, it seems that Nigel added O_BINARY to fix a cygwin problem on Feb-11, but in turn it breaks the non-linux build (namely AIX, Solaris, and DEC OSF). Same error as above.

Wed Feb 11 08:19:54 GMT 2004 (njh)
--
* libclamav: Use O_BINARY when saving attachments which is required for Cygwin. Thanks to "Andrey Cherezov" <[EMAIL PROTECTED]>

My last successful build was ClamAV version devel-20040211

Regards,
Fajar A. Nugraha

Re: [Clamav-users] freshclam as non-privileged user?
Daniel J McDonald wrote:
> On Thu, 2004-02-12 at 18:24, Jim Maul wrote:
>> does the "unprivileged user" have access to write to /var/log/clamav/ ??
>
> Nope. It did not have write permission under 0.65 either.

It MUST now. The user in DatabaseOwner on freshclam.conf MUST have write access to:
- database directory (to create temporary files during database download)
- database files (obviously)
- freshclam log file (if used).

It SHOULD (but not MUST) be the same as the User setting on clamav.conf.

Regards,
Fajar A. Nugraha

Re: [Clamav-users] 0.66
Nigel Horne wrote:
> it is quite possible to run clamav-milter unprivileged with no dirty chmod 777s

Yes, but in my case it can NOT be in /var/run. ClamAV runs as clamav (and apparently, so does clamav-milter), thus I get

Feb 13 23:05:12 rh73-1 clamav-milter: ClamAv: Unable to bind to port local:/var/run/clamav.sock: Permission denied
Feb 13 23:05:12 rh73-1 clamav-milter: ClamAv: Unable to create listening socket on conn local:/var/run/clamav.sock

This is with clamav-milter started as root. I ended up putting clamd's and clamav-milter's socket in /usr/local/share/clamav (writable by clamav user). It works fine.

Could you include your config (if it works) as part of the standard distribution (or somewhere in the web's doc section)?

PS: I would also like to add that on clamav-devel-20040212 the Solaris build is still broken due to
mbox.c:1653: `O_BINARY' undeclared

Regards,
Fajar A. Nugraha

Re: [Clamav-users] 0.66
Fajar A. Nugraha wrote:
> I would also like to add that on clamav-devel-20040212 Solaris build is still broken due to

Scratch that. It is fixed on devel-20040213. It compiles OK on Solaris, AIX, and OSF now. Thanks :)

Regards,
Fajar A. Nugraha

Re: [Clamav-users] 0.66
Peter Bonivart wrote:
> Fajar A. Nugraha wrote:
>> It is fixed on devel-20040213. It compiles OK on Solaris
>
> I have to disagree. The "id -u" problem with Solaris is still in that snapshot, I just tried it.

Yes, it is

> I think you mentioned earlier that you use GNU id and you probably have that in your path so it works but for the rest of us it doesn't.

Yes, quite right. I'm surprised you still remember that.

> I would like /usr/xpg4/bin/id to be used when it's compiled on Solaris. It's standard and it supports -u.

BTW, what cc do you use? Sun cc or gcc? Whatever it is, you had to install a C compiler first, right? "Standard" Solaris with no addition whatsoever can not build clamav.

I find it acceptable if I have to get something first to build clamav (in this case: gcc, zlib, gmp, and gnu shutils). I find it NOT acceptable if I have to hack the source code personally before compiling. That's why I'm not complaining about "id -u". That's what I think anyway.

Although a fix in the source code (or Makefile) to be solaris-id compatible wouldn't hurt either :)

Regards,
Fajar A. Nugraha

Re: [Clamav-users] clamav-devel 20040213 for windows
Cedric Foll wrote:
> I have another problem with absolute path of files:
> C:\clamav-devel\test>clamdscan c:\clamav-devel\test\test1
> /cygdrive/c/clamav-devel/test/c:\clamav-devel\test\test1: Can't access the file ERROR

Yes, it does that. I don't know how to fix it. However, clamscan handles absolute paths correctly.

If you WANT to use clamd, don't use clamdscan. Look at the contrib/Windows/ directory in ClamAV's SOURCE package (http://clamav.net/snapshot/clamav-devel-latest.tar.gz). You will find a GUI client for clamd, clamav.exe. AFAIK you also have to change clamav.conf to use a TCP port instead of Local Socket.

Regarding the MD5 error, what makes me wonder is why some people have it and some don't. What's your system spec? e.g.:
- CPU, OS
- Do you have Cygwin, what version
- If you have cygwin, what line ending convention do you use? Dos or Unix style?

Regards,
Fajar A. Nugraha

Re: [Clamav-users] clamav-devel 20040213 for windows
Brian Bruns wrote:
> running Cygwin 1.5.7 in *UNIX line ending mode*.

Which, I think, is why neither of us has problems with freshclam.exe. I tried my build on non-cygwin Win2k's, and they have the MD5 verification error too. I still can't figure out why Ignasi Pratt's build has the handle_exceptions error though.

> I'll check the source and see if I can figure out why the paths are not being correctly mapped.

If you could, great

> In cygwin, it is supposed to be able to map C:\ to /cygdrive/c (which is how I make programs that use cygwin work like standard Windows applications).

Not map. Cygwin can recognize both paths, the /cygdrive/c and c:\.. Which is why clamscan works. But the problem is clamd (or clamdscan) thinks of "c:\clamav-devel-latest\share\clamav\test" as a non-absolute path, and automatically adds its own path (/cygdrive/c/ ...) in front of it. Thus you get /cygdrive/c/clamav-devel-latest/bin/c:\clamav- which is a non-existent path.

Regards,
Fajar A. Nugraha

[Clamav-users] clamav-devel-20040215 : automake build error on Fedora Core 1
[snip]
cd . && \
/bin/sh /data/src/clamav/clamav-auto-build/clamav-devel-20040215/missing --run automake-1.6 --gnu Makefile
aclocal.m4:4200: version mismatch. This is Automake 1.6.3, but aclocal.m4
aclocal.m4:4200: was generated for Automake 1.6.1. You should recreate
aclocal.m4:4200: aclocal.m4 with aclocal and run automake again.
make: *** [Makefile.in] Error 1
[EMAIL PROTECTED] clamav]# rpm -qa | grep -i auto
automake16-1.6.3-1
automake-1.7.8-1
autoconf-2.57-3
autofs-3.1.7-42
automake14-1.4p6-7
automake15-1.5-9
[snip]

This is from clamav-devel-20040215. If I'm right, ./configure complains because my version of automake-1.6 is newer than what it expects. Removing my automake-1.6 makes it work. devel-20040214 works fine even with automake-1.6.3. Running fedora core 1.

Regards,
Fajar A. Nugraha

Re: [Clamav-users] Re: clamav-devel 20040213 for windows
Ignasi Prat wrote:
>> I tried my build on non-cygwin Win2k's, and they have MD5 verification error too.
>
> Effectively I have *no CYGWIN installed.* I have not had time yet. All machines I tested had no CYGWIN installed. All crushed with MD5.

Just as I thought. Anyway, the developers seem to have fixed this by adding O_BINARY (again) for the Cygwin build only. As usual, you can get my precompiled daily build on www.clamav.or.id. Tested it earlier, and it works fine.

> Handle_exceptions appeared only on the binaries of *precompiled* CVS in "clamav_devel_latest" approximately since 17th of February.

Meaning you use my build? How odd. With or without cygwin, I never get THAT error.

Regards,
Fajar A. Nugraha

Re: [Clamav-users] clamav-devel 20040216 for windows
Ignasi Prat wrote:
> Hi everyone at Clamav: Today's CVS downloaded at http://clamav.or.id/ does not give an MD5 verification error but gives this error:

Seems I replied to your previous post too early :)

> C:\clamav-devel-latest\bin>freshclam -v
> [snip]
> STATUS_ILLEGAL_INSTRUCTION
> 7543 [main] freshclam 1856 open_stackdumpfile: Dumping stack trace to freshclam.exe.stackdump
> [snip]
> The same error is issued by clamscan and clamd:
> [snip]
> Probably this error is only issued with non installed CYGWIN machines. Could anyone check this assumption?

At least I know that this error is NOT because you don't have cygwin installed.

C:\clamav-devel-latest>bin\freshclam
ClamAV update process started at Mon Feb 16 16:40:06 2004
Reading CVD header (main.cvd): OK
Downloading main.cvd [*]
main.cvd updated (version: 19, sigs: 19987, f-level: 1, builder: ddm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
daily.cvd updated (version: 130, sigs: 731, f-level: 1, builder: ccordes)
Database updated (20718 signatures) from clamav.antispam.or.id (202.134.0.71).
connect(): Connection refused
ERROR: Can't connect to clamd.

C:\clamav-devel-latest>bin\clamscan share\clamav\test
share\clamav\test/debugm.c: OK
share\clamav\test/rarfail.rar: RAR module failure.
share\clamav\test/rarfail.rar: OK
share\clamav\test/README: OK
share\clamav\test/test1: ClamAV-Test-Signature FOUND
share\clamav\test/test1.bz2: ClamAV-Test-Signature FOUND
share\clamav\test/test2.badext: ClamAV-Test-Signature FOUND
share\clamav\test/test2.zip: ClamAV-Test-Signature FOUND
share\clamav\test/test3.rar: ClamAV-Test-Signature FOUND
--- SCAN SUMMARY ---
Known viruses: 20718
Scanned directories: 1
Scanned files: 8
Infected files: 5
Data scanned: 0.00 MB
I/O buffer size: 131072 bytes
Time: 0.592 sec (0 m 0 s)

C:\clamav-devel-latest>bin\clamscan -V
clamscan / ClamAV version devel-20040216

This is on W2K, Sp4, no Cygwin. Again, have you tried it on other machines?

Regards,
Fajar A. Nugraha

Re: [Clamav-users] Re: clamav-devel 20040213 for windows
Brian Bruns wrote:
> BTW, the only reason why we are putting out our own build (not to compete with you obviously)

Obviously :) My builds are mainly for testing purposes; thus it is based on daily CVS snapshot.

> is because we are trying to eventually release a 'quality assured' version of clamav (if you could call it that), sorta like what ActiveState does with Perl. The idea being that once things are stabilized and we have clamav-win32 working like we want to, we are going to release 'stable' builds based on the most current version of clamav.

Great!

> We do the same thing with ircII EPIC4 For Windows and have had pretty good success. My hope is, that eventually, we might be able to create a native version of clamav for windows which does not require the cygwin layer, and would be able to compete directly with Norton AV or McAffee.

That would be nice. What would be even better if you could come up with some kind of on-access scanning mechanism. Sort of clamuko-win32.

> I've got some of my internal developers tinkering with the code right now to see if we can do it easily or if we are out of our league. Naturally, any changes we make will obviously be contributed back :-)

Again, great!

Regards,
Fajar A. Nugraha

Re: [Clamav-users] Re: clamav-devel 20040213 for windows
Andrey Cherezov wrote:
> In this your clamav/Windows build there is fixed 'MD5 problem', but seems not fixed temporary file creation error in mbox.c:

I probably should mention again that I don't modify the clamav source in any way; I simply build daily snapshots on many platforms. Three of them are because I use it on my mail servers, the other three are simply because I want to. Out of all builds, the solaris build is downloaded most often.

> Fajar, the right version of mbox.c is 1.40 and 1.42-44. 1.41 - wrong.

It seems Nigel already fixed that

 * Change History:
 * $Log: mbox.c,v $
 * Revision 1.44 2004/02/15 08:45:54 nigelhorne
 * Avoid scanning the same file twice
 *
 * Revision 1.43 2004/02/14 19:04:05 nigelhorne
 * Handle spaces in boundaries
 *
 * Revision 1.42 2004/02/14 17:23:45 nigelhorne
 * Had deleted O_BINARY by mistake

Which means starting from devel-20040215 the daily build should work fine too.

> The fixed version (posted to *ftp://bitrix.eserv.ru/download/clamav1.rar*

Are you sure? There's no folder called "download" there. There's pub, addons, eserv, but no download.

> 11.Feb.2004) works on any windows (with or w/o cygwin installed, not depends of LF/CRLF cygwin settings), clamDscan not inserts /cygdrive/, detects all viruses in virus archive, could be installed in any directory...

Is it modified source code or do you compile it in a special way? You probably should submit the diffs to clamav developers so this change can be incorporated into future releases. If you compile it in a special way, then I'd really like to know how :)

Regards,
Fajar A. Nugraha

Re: [Clamav-users] Implementation Questions
Brian Bruns wrote:
> I use exim 4.30 with the exiscan/local_scan patches

Hey, another thing we share in common!

> which integrate clamav directly into exim. Works like a charm

Very true! It can reject viruses right at SMTP time, AND with less CPU load than those perl-scanners too :)

> and stops a good portion of the viruses (still some MyDoom viruses getting through, not sure why).

In my case, sometimes it's because I get "can't connect to /tmp/clamd" errors. I have another ClamAV at the "real" mailserver (not exim), so I can simply let all mail pass thru when this error happens on exim/exiscan. I tag emails with "warn" during virus checks, not with a "deny", so that mail processing continues even if clamd fails. How do you set up yours?

Regards,
Fajar A. Nugraha